forked from mirrors/easyappointments
Corrected the CORS headers hanlding
parent
d00a8956d7
commit
255d1b5d95
11 changed files with 27 additions and 50 deletions
|
@ -57,6 +57,33 @@ $route['404_override'] = '';
|
|||
|
||||
$route['translate_uri_dashes'] = FALSE;
|
||||
|
||||
/*
|
||||
| -------------------------------------------------------------------------
|
||||
| CORS HEADERS
|
||||
| -------------------------------------------------------------------------
|
||||
| Set the appropriate headers so that CORS requirements are met and any
|
||||
| incoming preflight options request succeeds.
|
||||
|
|
||||
*/
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS')
|
||||
{
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
|
||||
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
|
||||
{
|
||||
// May also be using PUT, PATCH, HEAD etc
|
||||
header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS');
|
||||
}
|
||||
|
||||
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
|
||||
{
|
||||
header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
|
||||
}
|
||||
|
||||
exit(0);
|
||||
}
|
||||
|
||||
/*
|
||||
| -------------------------------------------------------------------------
|
||||
| REST API ROUTING
|
||||
|
|
|
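Review bot: The preflight branch added here answers every OPTIONS request the application receives, not only those for the REST API, with `Access-Control-Allow-Origin: *` and echoes `Access-Control-Request-Headers` back verbatim, so any origin is told it may send any header to any route. The API authenticates with Basic Auth or a Bearer token, so an explicit list is safer than the reflection, e.g. `header('Access-Control-Allow-Headers: Authorization, Content-Type');`, and the branch is better limited to requests under the API URI prefix. The wildcard origin is sent only inside the OPTIONS branch while this commit removes `cors()` from the controllers, so unless the header is set somewhere not shown here, the actual GET/POST responses carry no `Access-Control-Allow-Origin` and browsers will block them after a successful preflight. `$_SERVER['REQUEST_METHOD']` is also read without `isset()`, which raises a notice if this file is ever loaded from the command line.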
@ -28,8 +28,6 @@ class Admins_api_v1 extends EA_Controller {
|
|||
|
||||
$this->load->library('api');
|
||||
|
||||
$this->api->cors();
|
||||
|
||||
$this->api->auth();
|
||||
|
||||
$this->api->model('admins_model');
|
||||
|
|
|
@ -34,8 +34,6 @@ class Appointments_api_v1 extends EA_Controller {
|
|||
$this->load->library('synchronization');
|
||||
$this->load->library('notifications');
|
||||
|
||||
$this->api->cors();
|
||||
|
||||
$this->api->auth();
|
||||
|
||||
$this->api->model('appointments_model');
|
||||
|
|
|
@ -28,8 +28,6 @@ class Categories_api_v1 extends EA_Controller {
|
|||
|
||||
$this->load->library('api');
|
||||
|
||||
$this->api->cors();
|
||||
|
||||
$this->api->auth();
|
||||
|
||||
$this->api->model('service_categories_model');
|
||||
|
|
|
@ -28,8 +28,6 @@ class Customers_api_v1 extends EA_Controller {
|
|||
|
||||
$this->load->library('api');
|
||||
|
||||
$this->api->cors();
|
||||
|
||||
$this->api->auth();
|
||||
|
||||
$this->api->model('customers_model');
|
||||
|
|
|
@ -28,8 +28,6 @@ class Providers_api_v1 extends EA_Controller {
|
|||
|
||||
$this->load->library('api');
|
||||
|
||||
$this->api->cors();
|
||||
|
||||
$this->api->auth();
|
||||
|
||||
$this->api->model('providers_model');
|
||||
|
|
|
@ -28,8 +28,6 @@ class Secretaries_api_v1 extends EA_Controller {
|
|||
|
||||
$this->load->library('api');
|
||||
|
||||
$this->api->cors();
|
||||
|
||||
$this->api->auth();
|
||||
|
||||
$this->api->model('secretaries_model');
|
||||
|
|
|
@ -28,8 +28,6 @@ class Services_api_v1 extends EA_Controller {
|
|||
|
||||
$this->load->library('api');
|
||||
|
||||
$this->api->cors();
|
||||
|
||||
$this->api->auth();
|
||||
|
||||
$this->api->model('services_model');
|
||||
|
|
|
@ -28,8 +28,6 @@ class Settings_api_v1 extends EA_Controller {
|
|||
|
||||
$this->load->library('api');
|
||||
|
||||
$this->api->cors();
|
||||
|
||||
$this->api->auth();
|
||||
|
||||
$this->api->model('settings_model');
|
||||
|
|
|
@ -28,8 +28,6 @@ class Unavailabilities_api_v1 extends EA_Controller {
|
|||
|
||||
$this->load->library('api');
|
||||
|
||||
$this->api->cors();
|
||||
|
||||
$this->api->auth();
|
||||
|
||||
$this->api->model('unavailabilities_model');
|
||||
|
|
|
@ -57,38 +57,6 @@ class Api {
|
|||
$this->model = $this->CI->{$model};
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the CORS headers for API requests.
|
||||
*/
|
||||
public function cors()
|
||||
{
|
||||
// Allow from any origin.
|
||||
if (isset($_SERVER['HTTP_ORIGIN']))
|
||||
{
|
||||
// Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one you want to allow, and if so:
|
||||
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
|
||||
header('Access-Control-Allow-Credentials: true');
|
||||
header('Access-Control-Max-Age: 86400'); // Cache for 1 day
|
||||
}
|
||||
|
||||
// Access-Control headers are received during OPTIONS requests.
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS')
|
||||
{
|
||||
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
|
||||
{
|
||||
// May also be using PUT, PATCH, HEAD etc
|
||||
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
|
||||
}
|
||||
|
||||
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
|
||||
{
|
||||
header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
|
||||
}
|
||||
|
||||
exit(0);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Authorize the API request (Basic Auth or Bearer Token supported).
|
||||
*/
|
||||
|
|