Corrected the CORS headers handling

Alex Tselegidis 2021-11-18 15:01:17 +01:00
parent d00a8956d7
commit 255d1b5d95
11 changed files with 27 additions and 50 deletions


@ -57,6 +57,33 @@ $route['404_override'] = '';
$route['translate_uri_dashes'] = FALSE;
/*
| -------------------------------------------------------------------------
| CORS HEADERS
| -------------------------------------------------------------------------
| Set the appropriate headers so that CORS requirements are met and any
| incoming preflight options request succeeds.
|
*/
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS')
{
header('Access-Control-Allow-Origin: *');
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
{
// May also be using PUT, PATCH, HEAD etc
header('Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS');
}
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
{
header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
}
exit(0);
}
/*
| -------------------------------------------------------------------------
| REST API ROUTING
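Review bot: `Access-Control-Allow-Origin: *` is sent only inside the `OPTIONS` branch, so once the per-controller `cors()` calls are gone the actual GET/POST/PUT/DELETE responses carry no CORS header; unless it is added elsewhere (web server config, for instance), a browser will pass the preflight and then refuse to expose the real response. Moving `header('Access-Control-Allow-Origin: *');` above the `if` would cover both the preflight and the request that follows it. The guard also reads `$_SERVER['REQUEST_METHOD']` unconditionally, which raises a notice if this file is ever loaded outside a web request (CLI, for instance); `if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'OPTIONS')` avoids that. Because the block sits in the routing config it answers and exits for every preflight the application receives, not only the API routes, and it echoes `Access-Control-Request-Headers` back verbatim; a fixed list such as `Authorization, Content-Type` would keep the allowed surface explicit and reviewable.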


@ -28,8 +28,6 @@ class Admins_api_v1 extends EA_Controller {
$this->load->library('api');
$this->api->cors();
$this->api->auth();
$this->api->model('admins_model');


@ -34,8 +34,6 @@ class Appointments_api_v1 extends EA_Controller {
$this->load->library('synchronization');
$this->load->library('notifications');
$this->api->cors();
$this->api->auth();
$this->api->model('appointments_model');


@ -28,8 +28,6 @@ class Categories_api_v1 extends EA_Controller {
$this->load->library('api');
$this->api->cors();
$this->api->auth();
$this->api->model('service_categories_model');


@ -28,8 +28,6 @@ class Customers_api_v1 extends EA_Controller {
$this->load->library('api');
$this->api->cors();
$this->api->auth();
$this->api->model('customers_model');


@ -28,8 +28,6 @@ class Providers_api_v1 extends EA_Controller {
$this->load->library('api');
$this->api->cors();
$this->api->auth();
$this->api->model('providers_model');


@ -28,8 +28,6 @@ class Secretaries_api_v1 extends EA_Controller {
$this->load->library('api');
$this->api->cors();
$this->api->auth();
$this->api->model('secretaries_model');


@ -28,8 +28,6 @@ class Services_api_v1 extends EA_Controller {
$this->load->library('api');
$this->api->cors();
$this->api->auth();
$this->api->model('services_model');


@ -28,8 +28,6 @@ class Settings_api_v1 extends EA_Controller {
$this->load->library('api');
$this->api->cors();
$this->api->auth();
$this->api->model('settings_model');


@ -28,8 +28,6 @@ class Unavailabilities_api_v1 extends EA_Controller {
$this->load->library('api');
$this->api->cors();
$this->api->auth();
$this->api->model('unavailabilities_model');


@ -57,38 +57,6 @@ class Api {
$this->model = $this->CI->{$model};
}
/**
* Set the CORS headers for API requests.
*/
public function cors()
{
// Allow from any origin.
if (isset($_SERVER['HTTP_ORIGIN']))
{
// Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one you want to allow, and if so:
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // Cache for 1 day
}
// Access-Control headers are received during OPTIONS requests.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS')
{
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
{
// May also be using PUT, PATCH, HEAD etc
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
}
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
{
header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
}
exit(0);
}
}
/**
* Authorize the API request (Basic Auth or Bearer Token supported).
*/