Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-08 20:22:42 +01:00
Code Issues Releases Activity

Fixes for CORS

Browse Source
This commit is contained in:
David Bomba 2021-06-02 12:39:44 +10:00
parent 65f00950f6
commit 30e0d4a6ab
7 changed files with 157 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
app/Http/Kernel.php
View File

@ -65,12 +65,12 @@ class Kernel extends HttpKernel
* @var array
*/
protected $middleware = [
\Fruitcake\Cors\HandleCors::class,
CheckForMaintenanceMode::class,
ValidatePostSize::class,
TrimStrings::class,
ConvertEmptyStringsToNull::class,
TrustProxies::class,
// \Fruitcake\Cors\HandleCors::class,
Cors::class,
];
@ -95,7 +95,6 @@ class Kernel extends HttpKernel
'throttle:300,1',
'bindings',
'query_logging',
Cors::class,
],
'contact' => [
'throttle:60,1',
@ -106,7 +105,6 @@ class Kernel extends HttpKernel
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
SubstituteBindings::class,
@ -164,6 +162,9 @@ class Kernel extends HttpKernel
protected $middlewarePriority = [
Cors::class,
AddQueuedCookiesToResponse::class,
VerifyCsrfToken::class,
StartSession::class,
SetDomainNameDb::class,
SetDb::class,
SetWebDb::class,

27
app/Http/Middleware/Cors.php
View File

@ -10,25 +10,24 @@ class Cors
{
public function handle($request, Closure $next)
{
if ($request->getMethod() == 'OPTIONS') {
header('Access-Control-Allow-Origin: *');
// if ($request->getMethod() == 'OPTIONS') {
// header('Access-Control-Allow-Origin: *');
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-LIVEWIRE',
];
// // ALLOW OPTIONS METHOD
// $headers = [
// 'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
// 'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
// ];
return Response::make('OK', 200, $headers);
}
// return Response::make('OK', 200, $headers);
// }
$response = $next($request);
$response->headers->set('Access-Control-Allow-Origin', '*');
$response->headers->set('Access-Control-Allow-Credentials', 'True');
$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
$response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-LIVEWIRE');
$response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
// $response->headers->set('Access-Control-Allow-Origin', '*');
// $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
// $response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
// $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
$response->headers->set('X-APP-VERSION', config('ninja.app_version'));
$response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));

2
app/Http/Middleware/VerifyCsrfToken.php
View File

@ -28,6 +28,6 @@ class VerifyCsrfToken extends Middleware
* @var array
*/
protected $except = [
// 'livewire/message/*'
'livewire/message/*'
];
}

1
composer.json
View File

@ -43,6 +43,7 @@
"doctrine/dbal": "^2.10",
"fakerphp/faker": "^1.14",
"fideloper/proxy": "^4.2",
"fruitcake/laravel-cors": "^2.0",
"google/apiclient": "^2.7",
"guzzlehttp/guzzle": "^7.0.1",
"hashids/hashids": "^4.0",

135
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "407c398eefe5bab138b1d984a5116156",
"content-hash": "551d077c3d25c2a962f0c2c270618582",
"packages": [
{
"name": "asm/php-ansible",
@ -58,6 +58,62 @@
},
"time": "2021-05-09T14:58:03+00:00"
},
{
"name": "asm89/stack-cors",
"version": "v2.0.3",
"source": {
"type": "git",
"url": "https://github.com/asm89/stack-cors.git",
"reference": "9cb795bf30988e8c96dd3c40623c48a877bc6714"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/asm89/stack-cors/zipball/9cb795bf30988e8c96dd3c40623c48a877bc6714",
"reference": "9cb795bf30988e8c96dd3c40623c48a877bc6714",
"shasum": ""
},
"require": {
"php": "^7.0|^8.0",
"symfony/http-foundation": "~2.7|~3.0|~4.0|~5.0",
"symfony/http-kernel": "~2.7|~3.0|~4.0|~5.0"
},
"require-dev": {
"phpunit/phpunit": "^6|^7|^8|^9",
"squizlabs/php_codesniffer": "^3.5"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.0-dev"
}
},
"autoload": {
"psr-4": {
"Asm89\\Stack\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Alexander",
"email": "iam.asm89@gmail.com"
}
],
"description": "Cross-origin resource sharing library and stack middleware",
"homepage": "https://github.com/asm89/stack-cors",
"keywords": [
"cors",
"stack"
],
"support": {
"issues": "https://github.com/asm89/stack-cors/issues",
"source": "https://github.com/asm89/stack-cors/tree/v2.0.3"
},
"time": "2021-03-11T06:42:03+00:00"
},
{
"name": "authorizenet/authorizenet",
"version": "2.0.2",
@ -2084,6 +2140,83 @@
},
"time": "2021-05-20T17:37:02+00:00"
},
{
"name": "fruitcake/laravel-cors",
"version": "v2.0.4",
"source": {
"type": "git",
"url": "https://github.com/fruitcake/laravel-cors.git",
"reference": "a8ccedc7ca95189ead0e407c43b530dc17791d6a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/fruitcake/laravel-cors/zipball/a8ccedc7ca95189ead0e407c43b530dc17791d6a",
"reference": "a8ccedc7ca95189ead0e407c43b530dc17791d6a",
"shasum": ""
},
"require": {
"asm89/stack-cors": "^2.0.1",
"illuminate/contracts": "^6|^7|^8|^9",
"illuminate/support": "^6|^7|^8|^9",
"php": ">=7.2",
"symfony/http-foundation": "^4|^5",
"symfony/http-kernel": "^4.3.4|^5"
},
"require-dev": {
"laravel/framework": "^6|^7|^8",
"orchestra/testbench-dusk": "^4|^5|^6|^7",
"phpunit/phpunit": "^6|^7|^8|^9",
"squizlabs/php_codesniffer": "^3.5"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.0-dev"
},
"laravel": {
"providers": [
"Fruitcake\\Cors\\CorsServiceProvider"
]
}
},
"autoload": {
"psr-4": {
"Fruitcake\\Cors\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Fruitcake",
"homepage": "https://fruitcake.nl"
},
{
"name": "Barry vd. Heuvel",
"email": "barryvdh@gmail.com"
}
],
"description": "Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application",
"keywords": [
"api",
"cors",
"crossdomain",
"laravel"
],
"support": {
"issues": "https://github.com/fruitcake/laravel-cors/issues",
"source": "https://github.com/fruitcake/laravel-cors/tree/v2.0.4"
},
"funding": [
{
"url": "https://github.com/barryvdh",
"type": "github"
}
],
"time": "2021-04-26T11:24:25+00:00"
},
{
"name": "google/apiclient",
"version": "v2.9.1",

6
config/cors.php
View File

@ -15,7 +15,7 @@ return [
|
*/
'paths' => ['livewire/*'],
'paths' => ['*'],
'allowed_methods' => ['*'],
@ -23,9 +23,9 @@ return [
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'allowed_headers' => ['X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
'exposed_headers' => [],
'exposed_headers' => ['X-APP-VERSION,X-MINIMUM-CLIENT-VERSION,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
'max_age' => 0,

2
config/session.php
View File

@ -196,6 +196,6 @@ return [
|
*/
'same_site' => 'lax',
'same_site' => 'none',
];