mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-11 05:32:39 +01:00

Merge pull request #5889 from turbo124/v5-develop

Fixes for CORS
David Bomba 2021-06-02 12:39:59 +10:00 committed by GitHub
commit 06dfbd914d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 157 additions and 23 deletions


@ -65,12 +65,12 @@ class Kernel extends HttpKernel
* @var array * @var array
*/ */
protected $middleware = [ protected $middleware = [
\Fruitcake\Cors\HandleCors::class,
CheckForMaintenanceMode::class, CheckForMaintenanceMode::class,
ValidatePostSize::class, ValidatePostSize::class,
TrimStrings::class, TrimStrings::class,
ConvertEmptyStringsToNull::class, ConvertEmptyStringsToNull::class,
TrustProxies::class, TrustProxies::class,
// \Fruitcake\Cors\HandleCors::class,
Cors::class, Cors::class,
]; ];
@ -95,7 +95,6 @@ class Kernel extends HttpKernel
'throttle:300,1', 'throttle:300,1',
'bindings', 'bindings',
'query_logging', 'query_logging',
Cors::class,
], ],
'contact' => [ 'contact' => [
'throttle:60,1', 'throttle:60,1',
@ -106,7 +105,6 @@ class Kernel extends HttpKernel
EncryptCookies::class, EncryptCookies::class,
AddQueuedCookiesToResponse::class, AddQueuedCookiesToResponse::class,
StartSession::class, StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
ShareErrorsFromSession::class, ShareErrorsFromSession::class,
VerifyCsrfToken::class, VerifyCsrfToken::class,
SubstituteBindings::class, SubstituteBindings::class,
@ -164,6 +162,9 @@ class Kernel extends HttpKernel
protected $middlewarePriority = [ protected $middlewarePriority = [
Cors::class, Cors::class,
AddQueuedCookiesToResponse::class,
VerifyCsrfToken::class,
StartSession::class,
SetDomainNameDb::class, SetDomainNameDb::class,
SetDb::class, SetDb::class,
SetWebDb::class, SetWebDb::class,
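Review bot: In the `$middlewarePriority` hunk the three added entries place `VerifyCsrfToken::class` ahead of `StartSession::class`. Laravel uses this list to sort route middleware, so the CSRF check will likely run before the session (and the token stored in it) has been loaded. I would order them `AddQueuedCookiesToResponse::class, StartSession::class, VerifyCsrfToken::class,` or add a comment explaining why the check has to come first. The array continues past the end of the hunk, so the remaining entries are not visible here.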


@ -10,25 +10,24 @@ class Cors
{ {
public function handle($request, Closure $next) public function handle($request, Closure $next)
{ {
if ($request->getMethod() == 'OPTIONS') { // if ($request->getMethod() == 'OPTIONS') {
header('Access-Control-Allow-Origin: *'); // header('Access-Control-Allow-Origin: *');
// ALLOW OPTIONS METHOD // // ALLOW OPTIONS METHOD
$headers = [ // $headers = [
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE', // 'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-LIVEWIRE', // 'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
]; // ];
return Response::make('OK', 200, $headers); // return Response::make('OK', 200, $headers);
} // }
$response = $next($request); $response = $next($request);
$response->headers->set('Access-Control-Allow-Origin', '*'); // $response->headers->set('Access-Control-Allow-Origin', '*');
$response->headers->set('Access-Control-Allow-Credentials', 'True'); // $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); // $response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
$response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-LIVEWIRE'); // $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
$response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
$response->headers->set('X-APP-VERSION', config('ninja.app_version')); $response->headers->set('X-APP-VERSION', config('ninja.app_version'));
$response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version')); $response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));
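Review bot: The new `handle()` keeps the whole preflight branch and the `Access-Control-*` setters as commented-out lines instead of deleting them. That leaves a stale second CORS policy (wildcard origin, its own header list) in the source, next to the policy in the CORS configuration changed by this commit. I would delete the commented block and add a one-line comment above `handle()`, for example `// CORS headers come from the CORS config; this middleware only adds X-APP-VERSION and X-MINIMUM-CLIENT-VERSION.`, assuming the package middleware is now the active handler. The class name `Cors` no longer matches what the method does, so a rename is worth a follow-up. The end of `handle()` lies outside the hunk.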


@ -28,6 +28,6 @@ class VerifyCsrfToken extends Middleware
* @var array * @var array
*/ */
protected $except = [ protected $except = [
// 'livewire/message/*' 'livewire/message/*'
]; ];
} }
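Review bot: Enabling `'livewire/message/*'` in `$except` turns off CSRF token verification for every Livewire message route. The same commit changes the session cookie's `same_site` from `'lax'` to `'none'`, so browsers will attach the session cookie to cross-site requests to exactly the routes that no longer check a token. If the exemption was only needed because the token header was being rejected, the new header allow-list in the CORS config (which names `X-CSRF-TOKEN` and `X-XSRF-TOKEN`) may already solve that, and the entry could stay commented out. If it has to stay, add a comment on the line saying why and which other control protects these routes.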


@ -43,6 +43,7 @@
"doctrine/dbal": "^2.10", "doctrine/dbal": "^2.10",
"fakerphp/faker": "^1.14", "fakerphp/faker": "^1.14",
"fideloper/proxy": "^4.2", "fideloper/proxy": "^4.2",
"fruitcake/laravel-cors": "^2.0",
"google/apiclient": "^2.7", "google/apiclient": "^2.7",
"guzzlehttp/guzzle": "^7.0.1", "guzzlehttp/guzzle": "^7.0.1",
"hashids/hashids": "^4.0", "hashids/hashids": "^4.0",

135
composer.lock generated

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "407c398eefe5bab138b1d984a5116156", "content-hash": "551d077c3d25c2a962f0c2c270618582",
"packages": [ "packages": [
{ {
"name": "asm/php-ansible", "name": "asm/php-ansible",
@ -58,6 +58,62 @@
}, },
"time": "2021-05-09T14:58:03+00:00" "time": "2021-05-09T14:58:03+00:00"
}, },
{
"name": "asm89/stack-cors",
"version": "v2.0.3",
"source": {
"type": "git",
"url": "https://github.com/asm89/stack-cors.git",
"reference": "9cb795bf30988e8c96dd3c40623c48a877bc6714"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/asm89/stack-cors/zipball/9cb795bf30988e8c96dd3c40623c48a877bc6714",
"reference": "9cb795bf30988e8c96dd3c40623c48a877bc6714",
"shasum": ""
},
"require": {
"php": "^7.0|^8.0",
"symfony/http-foundation": "~2.7|~3.0|~4.0|~5.0",
"symfony/http-kernel": "~2.7|~3.0|~4.0|~5.0"
},
"require-dev": {
"phpunit/phpunit": "^6|^7|^8|^9",
"squizlabs/php_codesniffer": "^3.5"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.0-dev"
}
},
"autoload": {
"psr-4": {
"Asm89\\Stack\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Alexander",
"email": "iam.asm89@gmail.com"
}
],
"description": "Cross-origin resource sharing library and stack middleware",
"homepage": "https://github.com/asm89/stack-cors",
"keywords": [
"cors",
"stack"
],
"support": {
"issues": "https://github.com/asm89/stack-cors/issues",
"source": "https://github.com/asm89/stack-cors/tree/v2.0.3"
},
"time": "2021-03-11T06:42:03+00:00"
},
{ {
"name": "authorizenet/authorizenet", "name": "authorizenet/authorizenet",
"version": "2.0.2", "version": "2.0.2",
@ -2084,6 +2140,83 @@
}, },
"time": "2021-05-20T17:37:02+00:00" "time": "2021-05-20T17:37:02+00:00"
}, },
{
"name": "fruitcake/laravel-cors",
"version": "v2.0.4",
"source": {
"type": "git",
"url": "https://github.com/fruitcake/laravel-cors.git",
"reference": "a8ccedc7ca95189ead0e407c43b530dc17791d6a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/fruitcake/laravel-cors/zipball/a8ccedc7ca95189ead0e407c43b530dc17791d6a",
"reference": "a8ccedc7ca95189ead0e407c43b530dc17791d6a",
"shasum": ""
},
"require": {
"asm89/stack-cors": "^2.0.1",
"illuminate/contracts": "^6|^7|^8|^9",
"illuminate/support": "^6|^7|^8|^9",
"php": ">=7.2",
"symfony/http-foundation": "^4|^5",
"symfony/http-kernel": "^4.3.4|^5"
},
"require-dev": {
"laravel/framework": "^6|^7|^8",
"orchestra/testbench-dusk": "^4|^5|^6|^7",
"phpunit/phpunit": "^6|^7|^8|^9",
"squizlabs/php_codesniffer": "^3.5"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.0-dev"
},
"laravel": {
"providers": [
"Fruitcake\\Cors\\CorsServiceProvider"
]
}
},
"autoload": {
"psr-4": {
"Fruitcake\\Cors\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Fruitcake",
"homepage": "https://fruitcake.nl"
},
{
"name": "Barry vd. Heuvel",
"email": "barryvdh@gmail.com"
}
],
"description": "Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application",
"keywords": [
"api",
"cors",
"crossdomain",
"laravel"
],
"support": {
"issues": "https://github.com/fruitcake/laravel-cors/issues",
"source": "https://github.com/fruitcake/laravel-cors/tree/v2.0.4"
},
"funding": [
{
"url": "https://github.com/barryvdh",
"type": "github"
}
],
"time": "2021-04-26T11:24:25+00:00"
},
{ {
"name": "google/apiclient", "name": "google/apiclient",
"version": "v2.9.1", "version": "v2.9.1",


@ -15,7 +15,7 @@ return [
| |
*/ */
'paths' => ['livewire/*'], 'paths' => ['*'],
'allowed_methods' => ['*'], 'allowed_methods' => ['*'],
@ -23,9 +23,9 @@ return [
'allowed_origins_patterns' => [], 'allowed_origins_patterns' => [],
'allowed_headers' => ['*'], 'allowed_headers' => ['X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
'exposed_headers' => [], 'exposed_headers' => ['X-APP-VERSION,X-MINIMUM-CLIENT-VERSION,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
'max_age' => 0, 'max_age' => 0,
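Review bot: `exposed_headers` now lists `X-CSRF-TOKEN` and `X-XSRF-TOKEN` while `paths` widens from `['livewire/*']` to `['*']`, so any origin the policy admits can read those headers, if responses carry them, on every route. `allowed_origins` and `supports_credentials` are outside these hunks, so whether that audience is restricted cannot be confirmed from here. Unless a client really has to read the tokens cross-origin, I would expose only `['X-APP-VERSION', 'X-MINIMUM-CLIENT-VERSION']`. Separately, `allowed_headers` and `exposed_headers` each hold one comma-joined string instead of one header name per element, e.g. `'allowed_headers' => ['X-API-COMPANY-KEY', 'X-API-SECRET', ...]`. The single-string form only works as long as the library just joins the list, and would break if it ever matched names individually.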


@ -196,6 +196,6 @@ return [
| |
*/ */
'same_site' => 'lax', 'same_site' => 'none',
]; ];
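Review bot: `'same_site' => 'none'` only takes effect when the cookie is also marked Secure, because current browsers discard `SameSite=None` cookies without it. The `secure` option is outside this hunk, so it is unclear whether installs served over plain HTTP keep a working session. The change also removes the browser-side protection against cross-site requests that `'lax'` provided. I would add a comment naming the cross-site flow that needs it and make the value opt-in, `'same_site' => env('SESSION_SAME_SITE', 'lax'),`, so only deployments that require cross-site cookies relax it.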