CORS: don't require authentication on OPTIONS

fipwmaqzufheoxq92ebc 2020-08-31 18:18:03 +02:00
parent d5aadc17a6
commit 4bcd5ed416
2 changed files with 19 additions and 4 deletions


@ -79,5 +79,5 @@ $errorMiddleware->setDefaultErrorHandler(
new \Grocy\Controllers\ExceptionController($app, $container) new \Grocy\Controllers\ExceptionController($app, $container)
); );
$app->add(CorsMiddleware::class); $app->add(new CorsMiddleware($app->getResponseFactory()));
$app->run(); $app->run();
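Review bot: The `$app->add(new CorsMiddleware($app->getResponseFactory()));` line carries an ordering dependency that nothing in this file records. Slim runs the most recently added middleware first, so the middleware's new OPTIONS shortcut (a bare 200 from the response factory, without calling the handler) only runs ahead of the error middleware and everything registered above it while this stays the last `add()` before `$app->run()`. Where authentication and routing are attached is not visible in this hunk, so confirm that the shortcut really sits in front of them and that no OPTIONS route is expected to do work of its own, since it would never be reached. I would document the intent above the line, e.g. `// Keep as the last add(): outermost middleware, answers CORS preflight (OPTIONS) with 200 before auth/routing run.`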

View File

@ -2,22 +2,37 @@
namespace Grocy\Middleware; namespace Grocy\Middleware;
use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler; use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ResponseInterface as Response;
use Slim\Routing\RouteContext; use Slim\Routing\RouteContext;
class CorsMiddleware extends BaseMiddleware class CorsMiddleware
{ {
/**
* @var ResponseFactoryInterface
*/
private $responseFactory;
public function __construct(ResponseFactoryInterface $responseFactory)
{
$this->responseFactory = $responseFactory;
}
public function __invoke(Request $request, RequestHandler $handler): Response public function __invoke(Request $request, RequestHandler $handler): Response
{ {
if ($request->getMethod() == "OPTIONS")
$response = $this->responseFactory->createResponse(200);
else {
$response = $handler->handle($request);
}
//$routeContext = RouteContext::fromRequest($request); //$routeContext = RouteContext::fromRequest($request);
//$routingResults = $routeContext->getRoutingResults(); //$routingResults = $routeContext->getRoutingResults();
//$methods = $routingResults->getAllowedMethods(); //$methods = $routingResults->getAllowedMethods();
//$requestHeaders = $request->getHeaderLine('Access-Control-Request-Headers'); //$requestHeaders = $request->getHeaderLine('Access-Control-Request-Headers');
$response = $handler->handle($request);
$response = $response->withHeader('Access-Control-Allow-Origin', '*'); $response = $response->withHeader('Access-Control-Allow-Origin', '*');
$response = $response->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); $response = $response->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
$response = $response->withHeader('Access-Control-Allow-Headers', '*'); $response = $response->withHeader('Access-Control-Allow-Headers', '*');