invoiceninja/app/Http/Middleware/Cors.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Response;

class Cors
{
    public function handle($request, Closure $next)
    {
        if ($request->getMethod() == 'OPTIONS') {
            header('Access-Control-Allow-Origin: *');

            // ALLOW OPTIONS METHOD
            $headers = [
                'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
                'Access-Control-Allow-Headers'=> 'X-API-PASSWORD-BASE64,X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Disposition,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
            ];

            return Response::make('OK', 200, $headers);
        }

        $response = $next($request);

        $response->headers->set('Access-Control-Allow-Origin', '*');
        $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
        $response->headers->set('Access-Control-Allow-Headers', 'X-API-PASSWORD-BASE64,X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Disposition,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
        $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION,Content-Disposition');
        $response->headers->set('X-APP-VERSION', config('ninja.app_version'));
        $response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));

        return $response;
    }
}
Add Cors functionality and Company Settings Saver (#3060) * Cleanup for settings remove from entities * Fixes for saving and transforming company settings * CompanySettingsSaver * Add Cors 2019-11-12 22:32:28 +01:00			`<?php`

			`namespace App\Http\Middleware;`

			`use Closure;`
Fixes for CORS (#3068) * fix regression in company name * HasOneThrough for company user * Validation rules for contact email addresses * Force a blank contact if no contacts passed in client * Fixes for COR * Fixes for COR * Fixes for CORS 2019-11-13 12:39:53 +01:00			`use Illuminate\Support\Facades\Response;`
Add Cors functionality and Company Settings Saver (#3060) * Cleanup for settings remove from entities * Fixes for saving and transforming company settings * CompanySettingsSaver * Add Cors 2019-11-12 22:32:28 +01:00
			`class Cors`
			`{`
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`public function handle($request, Closure $next)`
			`{`
Fixes for CORS 2021-06-02 05:14:40 +02:00			`if ($request->getMethod() == 'OPTIONS') {`
			`header('Access-Control-Allow-Origin: *');`
Add additional headers (#3062) 2019-11-12 22:50:12 +01:00
Fixes for CORS 2021-06-02 05:14:40 +02:00			`// ALLOW OPTIONS METHOD`
			`$headers = [`
			`'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',`
add filename to headers for inline files 2023-01-22 23:43:46 +01:00			`'Access-Control-Allow-Headers'=> 'X-API-PASSWORD-BASE64,X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Disposition,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',`
Fixes for CORS 2021-06-02 05:14:40 +02:00			`];`
Fixes for CORS (#3066) * fix regression in company name * HasOneThrough for company user * Validation rules for contact email addresses * Force a blank contact if no contacts passed in client * Fixes for COR 2019-11-13 12:36:39 +01:00
Fixes for CORS 2021-06-02 05:14:40 +02:00			`return Response::make('OK', 200, $headers);`
			`}`
Fixes for CORS (#3066) * fix regression in company name * HasOneThrough for company user * Validation rules for contact email addresses * Force a blank contact if no contacts passed in client * Fixes for COR 2019-11-13 12:36:39 +01:00
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`$response = $next($request);`
Add Cors functionality and Company Settings Saver (#3060) * Cleanup for settings remove from entities * Fixes for saving and transforming company settings * CompanySettingsSaver * Add Cors 2019-11-12 22:32:28 +01:00
Fixes for CORS 2021-06-02 05:14:40 +02:00			`$response->headers->set('Access-Control-Allow-Origin', '*');`
			`$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');`
add filename to headers for inline files 2023-01-22 23:43:46 +01:00			`$response->headers->set('Access-Control-Allow-Headers', 'X-API-PASSWORD-BASE64,X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Disposition,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');`
add filename to headers for inline files 2023-01-22 23:49:40 +01:00			`$response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION,Content-Disposition');`
Fixes for V2 (#3408) * Refactor for user * payment notifications * Fixes for contact request * Fix validation for contacts * Fixes for base repo * Fixes for Invoice Repo * hide password field on clientcontact 2020-03-02 11:22:37 +01:00			`$response->headers->set('X-APP-VERSION', config('ninja.app_version'));`
remove x-api-version and replace with x-minimum-client-version 2020-06-21 23:30:25 +02:00			`$response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));`
Laravel 7.x Shift (#40) * Adopt Laravel coding style The Laravel framework adopts the PSR-2 coding style with some additions. Laravel apps should adopt this coding style as well. However, Shift allows you to customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config to your project. You may use [Shift's .php_cs][2] file as a base. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 * Shift bindings PHP 5.5.9+ adds the new static `class` property which provides the fully qualified class name. This is preferred over using class name strings as these references are checked by the parser. * Shift core files * Shift to Throwable * Add laravel/ui dependency * Unindent vendor mail templates * Shift config files * Default config files In an effort to make upgrading the constantly changing config files easier, Shift defaulted them so you can review the commit diff for changes. Moving forward, you should use ENV variables or create a separate config file to allow the core config files to remain automatically upgradeable. * Shift Laravel dependencies * Shift cleanup * Upgrade to Laravel 7 Co-authored-by: Laravel Shift <shift@laravelshift.com> 2020-09-06 11:38:10 +02:00
Fixes for tests (#3184) * fix typo * php-cs traits * CS fixer pass * Password protect User routes * Implement checks to prevent editing a deleted record * Clean up payment flows * Fixes for tests 2019-12-30 22:59:12 +01:00			`return $response;`
			`}`
Apply Laravel coding style Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions. You may customize the code style applied by adding a [PHP CS Fixer][1] or [PHP CodeSniffer][2] ruleset to your project root. Feel free to use [Shift's Laravel ruleset][3] to help you get started. For more information on customizing the code style applied by Shift, [watch this short video][4]. [1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer [2]: https://github.com/squizlabs/PHP_CodeSniffer [3]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200 [4]: https://laravelshift.com/videos/shift-code-style 2022-06-21 11:57:17 +02:00			`}`