mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-11-08 20:22:42 +01:00
Fixes for content-disposition in CORS
This commit is contained in:
parent
f217ea2441
commit
e2ef82b266
@ -861,7 +861,7 @@ class BaseController extends Controller
|
|||||||
/**/
|
/**/
|
||||||
// 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected
|
// 10-01-2022 need to ensure we snake case properly here to ensure permissions work as expected
|
||||||
// 28-03-2022 this is definitely correct here, do not append _ to the view, it resolved correctly when snake cased
|
// 28-03-2022 this is definitely correct here, do not append _ to the view, it resolved correctly when snake cased
|
||||||
if (auth()->user() && ! auth()->user()->hasPermission('view'.lcfirst(class_basename(Str::snake($this->entity_type))))) {
|
if (auth()->user() && ! auth()->user()->hasPermission('view_'.Str::snake(class_basename($this->entity_type)))) {
|
||||||
//06-10-2022 - some entities do not have assigned_user_id - this becomes an issue when we have a large company and low permission users
|
//06-10-2022 - some entities do not have assigned_user_id - this becomes an issue when we have a large company and low permission users
|
||||||
if(in_array($this->entity_type, [User::class])){
|
if(in_array($this->entity_type, [User::class])){
|
||||||
$query->where('id', auth()->user()->id);
|
$query->where('id', auth()->user()->id);
|
||||||
|
@ -23,7 +23,7 @@ return [
|
|||||||
|
|
||||||
'allowed_origins_patterns' => [],
|
'allowed_origins_patterns' => [],
|
||||||
|
|
||||||
'allowed_headers' => ['X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
|
'allowed_headers' => ['X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Disposition,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
|
||||||
|
|
||||||
'exposed_headers' => ['X-APP-VERSION,X-MINIMUM-CLIENT-VERSION,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
|
'exposed_headers' => ['X-APP-VERSION,X-MINIMUM-CLIENT-VERSION,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE'],
|
||||||
|
|
||||||
|
@ -2,6 +2,15 @@
|
|||||||
<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
|
<html lang="{{ str_replace('_', '-', app()->getLocale()) }}">
|
||||||
|
|
||||||
<head>
|
<head>
|
||||||
|
@if(App\Utils\Ninja::isHosted())
|
||||||
|
<!-- G Tag Manager -->
|
||||||
|
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
|
||||||
|
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
|
||||||
|
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
|
||||||
|
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
|
||||||
|
})(window,document,'script','dataLayer','GTM-WMJ5W23');</script>
|
||||||
|
<!-- End G Tag Manager -->
|
||||||
|
@endif
|
||||||
<!-- Error: {{ session('error') }} -->
|
<!-- Error: {{ session('error') }} -->
|
||||||
@if (isset($company) && $company->matomo_url && $company->matomo_id)
|
@if (isset($company) && $company->matomo_url && $company->matomo_id)
|
||||||
<script>
|
<script>
|
||||||
|
Loading…
Reference in New Issue
Block a user