Merge pull request #5884 from turbo124/v5-develop

Fixes for CORS
2024-11-10 21:22:58 +01:00 · 2021-06-01 23:08:54 +10:00 · 2021-06-01 23:08:54 +10:00 · 227f39c66c
commit 227f39c66c
parent 5fe49c9e30 5252f83ec6
7 changed files with 454 additions and 398 deletions
--- a/app/Http/Controllers/ImportJsonController.php
+++ b/app/Http/Controllers/ImportJsonController.php
@ -91,6 +91,6 @@ class ImportJsonController extends BaseController
        unlink($file_contents);
        unlink($file_location);

-        return $data
+        return $data;
    }
 }
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -41,6 +41,7 @@ use App\Http\Middleware\TrustProxies;
 use App\Http\Middleware\UrlSetDb;
 use App\Http\Middleware\UserVerified;
 use App\Http\Middleware\VerifyCsrfToken;
+use App\Http\Middleware\WebCors;
 use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
 use Illuminate\Auth\Middleware\Authorize;
 use Illuminate\Auth\Middleware\EnsureEmailIsVerified;
@ -70,8 +71,9 @@ class Kernel extends HttpKernel
        TrimStrings::class,
        ConvertEmptyStringsToNull::class,
        TrustProxies::class,
-        //\Fruitcake\Cors\HandleCors::class,
+        // \Fruitcake\Cors\HandleCors::class,
        Cors::class,
+        WebCors::class,

    ];

@ -90,7 +92,7 @@ class Kernel extends HttpKernel
            VerifyCsrfToken::class,
            SubstituteBindings::class,
            QueryLogging::class,
-            Cors::class,
+            WebCors::class,
        ],

        'api' => [
--- a/app/Http/Middleware/Cors.php
+++ b/app/Http/Middleware/Cors.php
@ -33,4 +33,4 @@ class Cors

        return $response;
    }
-}
+}
--- a/app/Http/Middleware/WebCors.php
+++ b/app/Http/Middleware/WebCors.php
@ -0,0 +1,36 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Support\Facades\Response;
+use Symfony\Component\HttpFoundation\BinaryFileResponse;
+
+class WebCors
+{
+    public function handle($request, Closure $next)
+    {
+        if ($request->getMethod() == 'OPTIONS') {
+            header('Access-Control-Allow-Origin: *');
+
+            // ALLOW OPTIONS METHOD
+            $headers = [
+                'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
+                'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-LIVEWIRE',
+            ];
+
+            return Response::make('OK', 200, $headers);
+        }
+
+        $response = $next($request);
+
+        $response->headers->set('Access-Control-Allow-Origin', $request->getSchemeAndHttpHost());
+        $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+        $response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-LIVEWIRE');
+        $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
+        $response->headers->set('X-APP-VERSION', config('ninja.app_version'));
+        $response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));
+
+        return $response;
+    }
+}
--- a/composer.json
+++ b/composer.json
@ -30,7 +30,7 @@
        "ext-dom": "*",
        "ext-json": "*",
        "ext-libxml": "*",
-        "asm/php-ansible": "dev-master",
+        "asm/php-ansible": "dev-main",
        "authorizenet/authorizenet": "^2.0",
        "bacon/bacon-qr-code": "^2.0",
        "beganovich/snappdf": "^1.0",
@ -137,4 +137,4 @@
    },
    "minimum-stability": "dev",
    "prefer-stable": true
-}
+}
--- a/composer.lock
+++ b/composer.lock
--- a/config/cors.php
+++ b/config/cors.php
@ -15,7 +15,7 @@ return [
    |
    */

-    'paths' => ['api/*'],
+    'paths' => ['livewire/*'],

    'allowed_methods' => ['*'],