Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-06-23 20:00:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5884 from turbo124/v5-develop

Browse Source 
Fixes for CORS
This commit is contained in:
David Bomba 2021-06-01 23:08:54 +10:00 committed by GitHub
commit 227f39c66c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 454 additions and 398 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/ImportJsonController.php
View File

@ -91,6 +91,6 @@ class ImportJsonController extends BaseController
unlink($file_contents); unlink($file_contents);
unlink($file_location); unlink($file_location);
return $data return $data;
} }
} }

6
app/Http/Kernel.php
View File

@ -41,6 +41,7 @@ use App\Http\Middleware\TrustProxies;
use App\Http\Middleware\UrlSetDb; use App\Http\Middleware\UrlSetDb;
use App\Http\Middleware\UserVerified; use App\Http\Middleware\UserVerified;
use App\Http\Middleware\VerifyCsrfToken; use App\Http\Middleware\VerifyCsrfToken;
use App\Http\Middleware\WebCors;
use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth; use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
use Illuminate\Auth\Middleware\Authorize; use Illuminate\Auth\Middleware\Authorize;
use Illuminate\Auth\Middleware\EnsureEmailIsVerified; use Illuminate\Auth\Middleware\EnsureEmailIsVerified;
@ -70,8 +71,9 @@ class Kernel extends HttpKernel
TrimStrings::class, TrimStrings::class,
ConvertEmptyStringsToNull::class, ConvertEmptyStringsToNull::class,
TrustProxies::class, TrustProxies::class,
//\Fruitcake\Cors\HandleCors::class, // \Fruitcake\Cors\HandleCors::class,
Cors::class, Cors::class,
WebCors::class,
]; ];
@ -90,7 +92,7 @@ class Kernel extends HttpKernel
VerifyCsrfToken::class, VerifyCsrfToken::class,
SubstituteBindings::class, SubstituteBindings::class,
QueryLogging::class, QueryLogging::class,
Cors::class, WebCors::class,
], ],
'api' => [ 'api' => [

36
app/Http/Middleware/WebCors.php Normal file
View File

@ -0,0 +1,36 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Response;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
class WebCors
{
public function handle($request, Closure $next)
{
if ($request->getMethod() == 'OPTIONS') {
header('Access-Control-Allow-Origin: *');
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-LIVEWIRE',
];
return Response::make('OK', 200, $headers);
}
$response = $next($request);
$response->headers->set('Access-Control-Allow-Origin', $request->getSchemeAndHttpHost());
$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
$response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-LIVEWIRE');
$response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
$response->headers->set('X-APP-VERSION', config('ninja.app_version'));
$response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));
return $response;
}
}

2
composer.json
View File

@ -30,7 +30,7 @@
"ext-dom": "*", "ext-dom": "*",
"ext-json": "*", "ext-json": "*",
"ext-libxml": "*", "ext-libxml": "*",
"asm/php-ansible": "dev-master", "asm/php-ansible": "dev-main",
"authorizenet/authorizenet": "^2.0", "authorizenet/authorizenet": "^2.0",
"bacon/bacon-qr-code": "^2.0", "bacon/bacon-qr-code": "^2.0",
"beganovich/snappdf": "^1.0", "beganovich/snappdf": "^1.0",

800
composer.lock generated
View File

File diff suppressed because it is too large Load Diff

2
config/cors.php
View File

@ -15,7 +15,7 @@ return [
| |
*/ */
'paths' => ['api/*'], 'paths' => ['livewire/*'],
'allowed_methods' => ['*'], 'allowed_methods' => ['*'],