Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for CORS (#3066)

Browse Source 
* fix regression in company name

* HasOneThrough for company user

* Validation rules for contact email addresses

* Force a blank contact if no contacts passed in client

* Fixes for COR
This commit is contained in:
David Bomba 2019-11-13 22:36:39 +11:00 committed by GitHub
parent e1fa1186d1
commit 62a616fbdc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Kernel.php
View File

@ -29,6 +29,7 @@ class Kernel extends HttpKernel
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\Cors::class,
];
/**
@ -108,6 +109,5 @@ class Kernel extends HttpKernel
'password_protected' => \App\Http\Middleware\PasswordProtection::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'portal_enabled' => \App\Http\Middleware\ClientPortalEnabled::class,
'cors' => \App\Http\Middleware\Cors::class,
];
}

18
app/Http/Middleware/Cors.php
View File

@ -3,6 +3,7 @@
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Response;
class Cors
{
@ -10,10 +11,25 @@ class Cors
public function handle($request, Closure $next)
{
if($request->getMethod() == "OPTIONS") {
header("Access-Control-Allow-Origin: *");
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'X-API-SECRET,X-API-TOKEN,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'
];
return Response::make('OK', 200, $headers);
}
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, X-Token-Auth, X-API-TOKEN, X-API-SECRET');
->header('Access-Control-Allow-Headers', 'X-API-SECRET,X-API-TOKEN,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range');
}