diff --git a/app/Foundation/Providers/RouteServiceProvider.php b/app/Foundation/Providers/RouteServiceProvider.php index 9a17c2a6..b375e5a5 100644 --- a/app/Foundation/Providers/RouteServiceProvider.php +++ b/app/Foundation/Providers/RouteServiceProvider.php @@ -11,7 +11,6 @@ namespace CachetHQ\Cachet\Foundation\Providers; -use Barryvdh\Cors\HandleCors; use CachetHQ\Cachet\Http\Middleware\Acceptable; use CachetHQ\Cachet\Http\Middleware\Authenticate; use CachetHQ\Cachet\Http\Middleware\Timezone; @@ -22,12 +21,12 @@ use CachetHQ\Cachet\Http\Routes\SetupRoutes; use CachetHQ\Cachet\Http\Routes\SignupRoutes; use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse; use Illuminate\Cookie\Middleware\EncryptCookies; -use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken; use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider; use Illuminate\Routing\Middleware\SubstituteBindings; use Illuminate\Routing\Router; use Illuminate\Session\Middleware\StartSession; use Illuminate\View\Middleware\ShareErrorsFromSession; +use CachetHQ\Cachet\Http\Middleware\VerifyCsrfToken; /** * This is the route service provider. @@ -171,7 +170,6 @@ class RouteServiceProvider extends ServiceProvider protected function mapOtherwise(Router $router, $routes, $applyAlwaysAuthenticate) { $middleware = [ - HandleCors::class, SubstituteBindings::class, Acceptable::class, Timezone::class, diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 775f4691..fe449484 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -24,6 +24,7 @@ use CachetHQ\Cachet\Http\Middleware\TrustProxies; use Illuminate\Auth\Middleware\Authorize; use Illuminate\Foundation\Http\Kernel as HttpKernel; use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode; +use Barryvdh\Cors\HandleCors; class Kernel extends HttpKernel { @@ -33,8 +34,8 @@ class Kernel extends HttpKernel * @var array */ protected $middleware = [ - TrustProxies::class, - CheckForMaintenanceMode::class, + // TrustProxies::class, + // CheckForMaintenanceMode::class, ]; /** @@ -45,6 +46,7 @@ class Kernel extends HttpKernel protected $routeMiddleware = [ 'admin' => Admin::class, 'can' => Authorize::class, + 'cors' => HandleCors::class, 'auth' => Authenticate::class, 'auth.api' => ApiAuthentication::class, 'guest' => RedirectIfAuthenticated::class, diff --git a/app/Http/Middleware/VerifyCsrfToken.php b/app/Http/Middleware/VerifyCsrfToken.php new file mode 100644 index 00000000..213645b7 --- /dev/null +++ b/app/Http/Middleware/VerifyCsrfToken.php @@ -0,0 +1,33 @@ + 'Api', 'prefix' => 'api/v1', ], function (Registrar $router) { - $router->group(['middleware' => ['auth.api']], function (Registrar $router) { + $router->group(['middleware' => ['auth.api', 'cors']], function (Registrar $router) { $router->get('components', 'ComponentController@index'); $router->get('components/groups', 'ComponentGroupController@index'); $router->get('components/groups/{component_group}', 'ComponentGroupController@show'); diff --git a/config/cors.php b/config/cors.php index fb12f8c9..a1079ccf 100644 --- a/config/cors.php +++ b/config/cors.php @@ -10,6 +10,7 @@ */ return [ + /* |-------------------------------------------------------------------------- | Laravel CORS @@ -19,11 +20,13 @@ return [ | to accept any value. | */ - 'supportsCredentials' => false, - 'allowedOrigins' => ['*'], - 'allowedHeaders' => ['X-Cachet-Token'], - 'allowedMethods' => ['*'], - 'exposedHeaders' => [], - 'maxAge' => 3600, - 'hosts' => [], + + 'supportsCredentials' => false, + 'allowedOrigins' => ['*'], + 'allowedOriginsPatterns' => [], + 'allowedHeaders' => ['X-Cachet-Token'], + 'allowedMethods' => ['*'], + 'exposedHeaders' => [], + 'maxAge' => 3600, + ];