From 255d1b5d9509e3540c1302a06ccd833a1cc0bb32 Mon Sep 17 00:00:00 2001 From: Alex Tselegidis Date: Thu, 18 Nov 2021 15:01:17 +0100 Subject: [PATCH] Corrected the CORS headers hanlding
---
 application/config/routes.php | 27 ++++++++++++++++
 .../controllers/api/v1/Admins_api_v1.php | 2 --
 .../api/v1/Appointments_api_v1.php | 2 --
 .../controllers/api/v1/Categories_api_v1.php | 2 --
 .../controllers/api/v1/Customers_api_v1.php | 2 --
 .../controllers/api/v1/Providers_api_v1.php | 2 --
 .../controllers/api/v1/Secretaries_api_v1.php | 2 --
 .../controllers/api/v1/Services_api_v1.php | 2 --
 .../controllers/api/v1/Settings_api_v1.php | 2 --
 .../api/v1/Unavailabilities_api_v1.php | 2 --
 application/libraries/Api.php | 32 -------------------
 11 files changed, 27 insertions(+), 50 deletions(-)
diff --git a/application/config/routes.php b/application/config/routes.php
index 4c1bbcc1..bb725080 100644
--- a/application/config/routes.php
+++ b/application/config/routes.php
@@ -57,6 +57,33 @@ $route['404_override'] = '';
 $route['translate_uri_dashes'] = FALSE;
+/*
+| -------------------------------------------------------------------------
+| CORS HEADERS
+| -------------------------------------------------------------------------
+| Set the appropriate headers so that CORS requirements are met and any
+| incoming preflight options request succeeds.
+|
+*/
+
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS')
+{
+ header('Access-Control-Allow-Origin: *');
+
+ if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
+ {
+ // May also be using PUT, PATCH, HEAD etc
+ header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS');
+ }
+
+ if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
+ {
+ header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
+ }
+
+ exit(0);
+}
+
 /*
 | -------------------------------------------------------------------------
 | REST API ROUTING
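Review bot: In the new `OPTIONS` block in routes.php, `Access-Control-Allow-Origin` is sent only for preflight requests, and the same commit removes `$this->api->cors()` from every controller, so the actual GET/POST/PUT/DELETE responses appear to carry no CORS header; unless the web server adds one, a browser will pass the preflight and then refuse to expose the real response. The header needs to be emitted for the API responses as well, not only inside this branch. The condition also reads `$_SERVER['REQUEST_METHOD']` unguarded in a config file that is presumably loaded for CLI runs too; `if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'OPTIONS')` avoids the undefined-index notice. Because this block now answers preflights for every route and echoes `Access-Control-Request-Headers` back verbatim, a fixed list in `Access-Control-Allow-Headers` and a check that the request targets the API would keep the permissive policy confined to the API.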
diff --git a/application/controllers/api/v1/Admins_api_v1.php b/application/controllers/api/v1/Admins_api_v1.php
index 12d79150..d88b6dc8 100644
--- a/application/controllers/api/v1/Admins_api_v1.php
+++ b/application/controllers/api/v1/Admins_api_v1.php
@@ -28,8 +28,6 @@ class Admins_api_v1 extends EA_Controller {
 $this->load->library('api');
- $this->api->cors();
-
 $this->api->auth();
 $this->api->model('admins_model');
diff --git a/application/controllers/api/v1/Appointments_api_v1.php b/application/controllers/api/v1/Appointments_api_v1.php
index 244b6af7..46e56b7e 100644
--- a/application/controllers/api/v1/Appointments_api_v1.php
+++ b/application/controllers/api/v1/Appointments_api_v1.php
@@ -34,8 +34,6 @@ class Appointments_api_v1 extends EA_Controller {
 $this->load->library('synchronization');
 $this->load->library('notifications');
- $this->api->cors();
-
 $this->api->auth();
 $this->api->model('appointments_model');
diff --git a/application/controllers/api/v1/Categories_api_v1.php b/application/controllers/api/v1/Categories_api_v1.php
index 5d4152db..7908a9bc 100644
--- a/application/controllers/api/v1/Categories_api_v1.php
+++ b/application/controllers/api/v1/Categories_api_v1.php
@@ -28,8 +28,6 @@ class Categories_api_v1 extends EA_Controller {
 $this->load->library('api');
- $this->api->cors();
-
 $this->api->auth();
 $this->api->model('service_categories_model');
diff --git a/application/controllers/api/v1/Customers_api_v1.php b/application/controllers/api/v1/Customers_api_v1.php
index 98e3aa5c..26dd45a8 100644
--- a/application/controllers/api/v1/Customers_api_v1.php
+++ b/application/controllers/api/v1/Customers_api_v1.php
@@ -28,8 +28,6 @@ class Customers_api_v1 extends EA_Controller {
 $this->load->library('api');
- $this->api->cors();
-
 $this->api->auth();
 $this->api->model('customers_model');
diff --git a/application/controllers/api/v1/Providers_api_v1.php b/application/controllers/api/v1/Providers_api_v1.php
index c5ba3b8c..00a49228 100644
--- a/application/controllers/api/v1/Providers_api_v1.php
+++ b/application/controllers/api/v1/Providers_api_v1.php
@@ -28,8 +28,6 @@ class Providers_api_v1 extends EA_Controller {
 $this->load->library('api');
- $this->api->cors();
-
 $this->api->auth();
 $this->api->model('providers_model');
diff --git a/application/controllers/api/v1/Secretaries_api_v1.php b/application/controllers/api/v1/Secretaries_api_v1.php
index c2e4ca16..4bc367d6 100644
--- a/application/controllers/api/v1/Secretaries_api_v1.php
+++ b/application/controllers/api/v1/Secretaries_api_v1.php
@@ -28,8 +28,6 @@ class Secretaries_api_v1 extends EA_Controller {
 $this->load->library('api');
- $this->api->cors();
-
 $this->api->auth();
 $this->api->model('secretaries_model');
diff --git a/application/controllers/api/v1/Services_api_v1.php b/application/controllers/api/v1/Services_api_v1.php
index b9d0b18e..34080897 100644
--- a/application/controllers/api/v1/Services_api_v1.php
+++ b/application/controllers/api/v1/Services_api_v1.php
@@ -28,8 +28,6 @@ class Services_api_v1 extends EA_Controller {
 $this->load->library('api');
- $this->api->cors();
-
 $this->api->auth();
 $this->api->model('services_model');
diff --git a/application/controllers/api/v1/Settings_api_v1.php b/application/controllers/api/v1/Settings_api_v1.php
index fda8cca5..413bf6bb 100644
--- a/application/controllers/api/v1/Settings_api_v1.php
+++ b/application/controllers/api/v1/Settings_api_v1.php
@@ -28,8 +28,6 @@ class Settings_api_v1 extends EA_Controller {
 $this->load->library('api');
- $this->api->cors();
-
 $this->api->auth();
 $this->api->model('settings_model');
diff --git a/application/controllers/api/v1/Unavailabilities_api_v1.php b/application/controllers/api/v1/Unavailabilities_api_v1.php
index b5769287..1aae1213 100644
--- a/application/controllers/api/v1/Unavailabilities_api_v1.php
+++ b/application/controllers/api/v1/Unavailabilities_api_v1.php
@@ -28,8 +28,6 @@ class Unavailabilities_api_v1 extends EA_Controller {
 $this->load->library('api');
- $this->api->cors();
-
 $this->api->auth();
 $this->api->model('unavailabilities_model');
diff --git a/application/libraries/Api.php b/application/libraries/Api.php
index 49c9e0f3..bc33d9a7 100644
--- a/application/libraries/Api.php
+++ b/application/libraries/Api.php
@@ -57,38 +57,6 @@ class Api {
 $this->model = $this->CI->{$model};
 }
- /**
- * Set the CORS headers for API requests.
- */
- public function cors()
- {
- // Allow from any origin.
- if (isset($_SERVER['HTTP_ORIGIN']))
- {
- // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one you want to allow, and if so:
- header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
- header('Access-Control-Allow-Credentials: true');
- header('Access-Control-Max-Age: 86400'); // Cache for 1 day
- }
-
- // Access-Control headers are received during OPTIONS requests.
- if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS')
- {
- if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
- {
- // May also be using PUT, PATCH, HEAD etc
- header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
- }
-
- if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
- {
- header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
- }
-
- exit(0);
- }
- }
-
 /**
 * Authorize the API request (Basic Auth or Bearer Token supported).
 */