lucas.mathieu/cachet-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3434 from CachetHQ/hotfix/cors

Browse Source 
Fixes CORS headers
This commit is contained in:
James Brooks
2019-01-27 14:29:57 +00:00
committed by GitHub
parent 33116e4f34 ffe9c99f9c
commit 61cddfb55f
5 changed files with 49 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Foundation/Providers/RouteServiceProvider.php
+1 -3
View File
@@ -11,10 +11,10 @@
namespace CachetHQ\Cachet\Foundation\Providers; namespace CachetHQ\Cachet\Foundation\Providers;
use Barryvdh\Cors\HandleCors;
use CachetHQ\Cachet\Http\Middleware\Acceptable; use CachetHQ\Cachet\Http\Middleware\Acceptable;
use CachetHQ\Cachet\Http\Middleware\Authenticate; use CachetHQ\Cachet\Http\Middleware\Authenticate;
use CachetHQ\Cachet\Http\Middleware\Timezone; use CachetHQ\Cachet\Http\Middleware\Timezone;
use CachetHQ\Cachet\Http\Middleware\VerifyCsrfToken;
use CachetHQ\Cachet\Http\Routes\ApiSystemRoutes; use CachetHQ\Cachet\Http\Routes\ApiSystemRoutes;
use CachetHQ\Cachet\Http\Routes\AuthRoutes; use CachetHQ\Cachet\Http\Routes\AuthRoutes;
use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes as ApiSetupRoutes; use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes as ApiSetupRoutes;
@@ -22,7 +22,6 @@ use CachetHQ\Cachet\Http\Routes\SetupRoutes;
use CachetHQ\Cachet\Http\Routes\SignupRoutes; use CachetHQ\Cachet\Http\Routes\SignupRoutes;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse; use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Cookie\Middleware\EncryptCookies; use Illuminate\Cookie\Middleware\EncryptCookies;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider; use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Routing\Middleware\SubstituteBindings; use Illuminate\Routing\Middleware\SubstituteBindings;
use Illuminate\Routing\Router; use Illuminate\Routing\Router;
@@ -171,7 +170,6 @@ class RouteServiceProvider extends ServiceProvider
protected function mapOtherwise(Router $router, $routes, $applyAlwaysAuthenticate) protected function mapOtherwise(Router $router, $routes, $applyAlwaysAuthenticate)
{ {
$middleware = [ $middleware = [
HandleCors::class,
SubstituteBindings::class, SubstituteBindings::class,
Acceptable::class, Acceptable::class,
Timezone::class, Timezone::class,
app/Http/Kernel.php
+4 -2
View File
@@ -12,6 +12,7 @@
namespace CachetHQ\Cachet\Http; namespace CachetHQ\Cachet\Http;
use AltThree\Throttle\ThrottlingMiddleware; use AltThree\Throttle\ThrottlingMiddleware;
use Barryvdh\Cors\HandleCors;
use CachetHQ\Cachet\Http\Middleware\Admin; use CachetHQ\Cachet\Http\Middleware\Admin;
use CachetHQ\Cachet\Http\Middleware\ApiAuthentication; use CachetHQ\Cachet\Http\Middleware\ApiAuthentication;
use CachetHQ\Cachet\Http\Middleware\Authenticate; use CachetHQ\Cachet\Http\Middleware\Authenticate;
@@ -33,8 +34,8 @@ class Kernel extends HttpKernel
* @var array * @var array
*/ */
protected $middleware = [ protected $middleware = [
TrustProxies::class, // TrustProxies::class,
CheckForMaintenanceMode::class, // CheckForMaintenanceMode::class,
]; ];
/** /**
@@ -45,6 +46,7 @@ class Kernel extends HttpKernel
protected $routeMiddleware = [ protected $routeMiddleware = [
'admin' => Admin::class, 'admin' => Admin::class,
'can' => Authorize::class, 'can' => Authorize::class,
'cors' => HandleCors::class,
'auth' => Authenticate::class, 'auth' => Authenticate::class,
'auth.api' => ApiAuthentication::class, 'auth.api' => ApiAuthentication::class,
'guest' => RedirectIfAuthenticated::class, 'guest' => RedirectIfAuthenticated::class,
app/Http/Middleware/VerifyCsrfToken.php
+33
View File
@@ -0,0 +1,33 @@
<?php
/*
* This file is part of Cachet.
*
* (c) Alt Three Services Limited
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace CachetHQ\Cachet\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
class VerifyCsrfToken extends Middleware
{
/**
* Indicates whether the XSRF-TOKEN cookie should be set on the response.
*
* @var bool
*/
protected $addHttpCookie = true;
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'/api/*',
];
}
app/Http/Routes/ApiRoutes.php
+1 -1
View File
@@ -40,7 +40,7 @@ class ApiRoutes
'namespace' => 'Api', 'namespace' => 'Api',
'prefix' => 'api/v1', 'prefix' => 'api/v1',
], function (Registrar $router) { ], function (Registrar $router) {
$router->group(['middleware' => ['auth.api']], function (Registrar $router) { $router->group(['middleware' => ['auth.api', 'cors']], function (Registrar $router) {
$router->get('components', 'ComponentController@index'); $router->get('components', 'ComponentController@index');
$router->get('components/groups', 'ComponentGroupController@index'); $router->get('components/groups', 'ComponentGroupController@index');
$router->get('components/groups/{component_group}', 'ComponentGroupController@show'); $router->get('components/groups/{component_group}', 'ComponentGroupController@show');
config/cors.php
+10 -7
View File
@@ -10,6 +10,7 @@
*/ */
return [ return [
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Laravel CORS | Laravel CORS
@@ -19,11 +20,13 @@ return [
| to accept any value. | to accept any value.
| |
*/ */
'supportsCredentials' => false,
'allowedOrigins' => ['*'], 'supportsCredentials' => false,
'allowedHeaders' => ['X-Cachet-Token'], 'allowedOrigins' => ['*'],
'allowedMethods' => ['*'], 'allowedOriginsPatterns' => [],
'exposedHeaders' => [], 'allowedHeaders' => ['X-Cachet-Token'],
'maxAge' => 3600, 'allowedMethods' => ['*'],
'hosts' => [], 'exposedHeaders' => [],
'maxAge' => 3600,
]; ];