Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-10 21:22:58 +01:00
Code Issues Releases Activity

Merge pull request #5890 from turbo124/v5-develop

Browse Source 
Fixes for CORS
This commit is contained in:
David Bomba 2021-06-02 13:14:54 +10:00 committed by GitHub
commit 8361cc6022
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 17 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/Http/Kernel.php
View File

@ -65,12 +65,12 @@ class Kernel extends HttpKernel
* @var array
*/
protected $middleware = [
\Fruitcake\Cors\HandleCors::class,
CheckForMaintenanceMode::class,
ValidatePostSize::class,
TrimStrings::class,
ConvertEmptyStringsToNull::class,
TrustProxies::class,
// \Fruitcake\Cors\HandleCors::class,
Cors::class,
];
@ -105,6 +105,7 @@ class Kernel extends HttpKernel
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
SubstituteBindings::class,
@ -162,9 +163,6 @@ class Kernel extends HttpKernel
protected $middlewarePriority = [
Cors::class,
AddQueuedCookiesToResponse::class,
VerifyCsrfToken::class,
StartSession::class,
SetDomainNameDb::class,
SetDb::class,
SetWebDb::class,

26
app/Http/Middleware/Cors.php
View File

@ -10,24 +10,24 @@ class Cors
{
public function handle($request, Closure $next)
{
// if ($request->getMethod() == 'OPTIONS') {
// header('Access-Control-Allow-Origin: *');
if ($request->getMethod() == 'OPTIONS') {
header('Access-Control-Allow-Origin: *');
// // ALLOW OPTIONS METHOD
// $headers = [
// 'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
// 'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
// ];
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
];
// return Response::make('OK', 200, $headers);
// }
return Response::make('OK', 200, $headers);
}
$response = $next($request);
// $response->headers->set('Access-Control-Allow-Origin', '*');
// $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
// $response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
// $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
$response->headers->set('Access-Control-Allow-Origin', '*');
$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
$response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
$response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
$response->headers->set('X-APP-VERSION', config('ninja.app_version'));
$response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));

1
app/Http/Middleware/SetDomainNameDb.php
View File

@ -86,6 +86,7 @@ class SetDomainNameDb
}
config(['app.url' => $request->getSchemeAndHttpHost()]);
return $next($request);
}

2
config/session.php
View File

@ -196,6 +196,6 @@ return [
|
*/
'same_site' => 'none',
'same_site' => 'lax',
];