1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-14 07:02:34 +01:00
invoiceninja/app/Http/Middleware/Cors.php
David Bomba db88d6a50d
Fixes for V2 (#3408)
* Refactor for user

* payment notifications

* Fixes for contact request

* Fix validation for contacts

* Fixes for base repo

* Fixes for Invoice Repo

* hide password field on clientcontact
2020-03-02 21:22:37 +11:00

46 lines
1.8 KiB
PHP

<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Response;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
class Cors
{
public function handle($request, Closure $next)
{
if ($request->getMethod() == "OPTIONS") {
header("Access-Control-Allow-Origin: *");
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'
];
return Response::make('OK', 200, $headers);
}
/* Work around for file downloads where the response cannot contain have headers set */
// if($request instanceOf BinaryFileResponse)
// return $next($request);
// else
// return $next($request)
// ->header('Access-Control-Allow-Origin', '*')
// ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
// ->header('Access-Control-Allow-Headers', 'X-API-SECRET,X-API-TOKEN,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range');
$response = $next($request);
$response->headers->set('Access-Control-Allow-Origin', '*');
$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
$response->headers->set('Access-Control-Allow-Headers', 'X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range');
$response->headers->set('X-APP-VERSION', config('ninja.app_version'));
$response->headers->set('X-API-VERSION', config('ninja.api_version'));
return $response;
}
}