From b6dab2bc13d61ed4071045e2cdd6f8a5249bd745 Mon Sep 17 00:00:00 2001
From: Hillel Coren <hillelcoren@gmail.com>
Date: Mon, 6 Mar 2017 11:23:50 +0200
Subject: [PATCH] Add CORS support for buy now buttons

---
 app/Http/Kernel.php                           |  1 +
 app/Http/Middleware/Cors.php                  | 22 +++++++++++++++++++
 app/Http/routes.php                           |  5 ++++-
 .../views/partials/white_label.blade.php      | 17 ++++++++++++++
 4 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 app/Http/Middleware/Cors.php

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 46a45d9ca6d6..995fc8298d40 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -34,5 +34,6 @@ class Kernel extends HttpKernel
         'permissions.required' => 'App\Http\Middleware\PermissionsRequired',
         'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
         'api' => 'App\Http\Middleware\ApiCheck',
+        'cors' => '\App\Http\Middleware\Cors',
     ];
 }
diff --git a/app/Http/Middleware/Cors.php b/app/Http/Middleware/Cors.php
new file mode 100644
index 000000000000..f7248cdd42ab
--- /dev/null
+++ b/app/Http/Middleware/Cors.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class Cors
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        return $next($request)
+            ->header('Access-Control-Allow-Origin', '*')
+            ->header('Access-Control-Allow-Methods', 'GET, POST');
+    }
+}
diff --git a/app/Http/routes.php b/app/Http/routes.php
index 04d17603ee25..87d9b65fe75d 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -71,7 +71,10 @@ Route::post('signup/submit', 'AccountController@submitSignup');
 
 Route::get('/auth/{provider}', 'Auth\AuthController@authLogin');
 Route::get('/auth_unlink', 'Auth\AuthController@authUnlink');
-Route::match(['GET', 'POST'], '/buy_now/{gateway_type?}', 'OnlinePaymentController@handleBuyNow');
+
+Route::group(['middleware' => 'cors'], function () {
+    Route::match(['GET', 'POST'], '/buy_now/{gateway_type?}', 'OnlinePaymentController@handleBuyNow');
+});
 
 Route::post('/hook/email_bounced', 'AppController@emailBounced');
 Route::post('/hook/email_opened', 'AppController@emailOpened');
diff --git a/resources/views/partials/white_label.blade.php b/resources/views/partials/white_label.blade.php
index b75055575bb7..f08d2fee786e 100644
--- a/resources/views/partials/white_label.blade.php
+++ b/resources/views/partials/white_label.blade.php
@@ -85,6 +85,23 @@
 
     function buyProduct(affiliateKey, productId) {
         window.open('{{ Utils::isNinjaDev() ? '' : NINJA_APP_URL }}/buy_now/?account_key={{ NINJA_LICENSE_ACCOUNT_KEY }}&product_id=' + productId + '&contact_key={{ Auth::user()->primaryAccount()->account_key }}' + '&redirect_url=' + window.location);
+        /*
+        var url = '{{ Utils::isNinjaDev() ? '' : NINJA_APP_URL }}/buy_now/';
+        var data = {
+            'account_key': '{{ NINJA_LICENSE_ACCOUNT_KEY }}',
+            'contact_key': '{{ Auth::user()->primaryAccount()->account_key }}',
+            'product_id': productId,
+            'redirect_url': window.location,
+            'first_name': '{{ Auth::user()->first_name }}',
+            'last_name': '{{ Auth::user()->last_name }}',
+            'email': '{{ Auth::user()->email }}',
+        };
+        $.post(url, function (data) {
+            var w = window.open();
+            w.document.write(data);
+            w.document.close();
+        });
+        */
     }
 
     function showApplyLicense() {