Access-Control-Allow-Origin setting works. Closes #72

2014-12-20 18:30:48 +00:00
parent 87395e6562
commit 6b76cf5dc7
5 changed files with 26 additions and 6 deletions
--- a/app/filters.php
+++ b/app/filters.php
@@ -3,6 +3,7 @@
 Route::filter('is_setup', 'IsSetupFilter');
 Route::filter('has_setting', 'HasSettingFilter');
 Route::filter('cors', 'CORSFilter');
+Route::filter('allowed_domains', 'AllowedDomainsFilter');

 /*
 |--------------------------------------------------------------------------
--- a/app/filters/AllowedDomainsFilter.php
+++ b/app/filters/AllowedDomainsFilter.php
@@ -0,0 +1,19 @@
+<?php
+
+class AllowedDomainsFilter {
+    public function filter($route, $request, $response) {
+    	// Always allow our own domain.
+    	$ourDomain = Setting::get('app_domain');
+        $response->headers->set('Access-Control-Allow-Origin', $ourDomain);
+
+        // Should we allow anyone else?
+    	if ($setting = Setting::get('allowed_domains')) {
+    		$domains = explode(',', $setting);
+    		foreach ($domains as $domain) {
+		        $response->headers->set('Access-Control-Allow-Origin', $domain);
+    		}
+    	}
+
+        return $response;
+    }
+}
--- a/app/routes/api.php
+++ b/app/routes/api.php
@@ -1,6 +1,10 @@
 <?php

-Route::api(['version' => 'v1', 'namespace' => 'CachetHQ\Cachet\Controllers\Api'], function() {
+Route::api([
+    'version'   => 'v1',
+    'namespace' => 'CachetHQ\Cachet\Controllers\Api',
+    'after'     => 'allowed_domains'
+], function() {
    Route::get('components', 'ComponentController@getComponents');
    Route::get('components/{id}', 'ComponentController@getComponent');
    Route::get('components/{id}/incidents', 'ComponentController@getComponentIncidents');
--- a/app/routes/app.php
+++ b/app/routes/app.php
@@ -7,7 +7,7 @@ Route::group(['before' => 'has_setting:app_name'], function() {
 });

 // Setup route.
-Route::group(['before' => 'no_setup:app_name'], function() {
+Route::group(['before' => 'is_setup'], function() {
    Route::controller('/setup', 'SetupController');
 });

--- a/app/views/dashboard/settings.blade.php
+++ b/app/views/dashboard/settings.blade.php
@@ -30,10 +30,6 @@
 						<label>Allowed Domains <em>Comma Seperated</em></label>
 						<textarea class='form-control' name='allowed_domains' rows='5' placeholder='http://cachet.io, http://cachet.herokuapp.com'>{{ Setting::get('allowed_domains') }}</textarea>
 					</div>
-					<div class='form-group'>
-						<label>Disallowed Domains <em>Comma Seperated</em></label>
-						<textarea class='form-control' name='disallowed_domains' rows='5' placeholder='http://cachetfake.io, http://cachetfake.herokuapp.com'>{{ Setting::get('disallowed_domains') }}</textarea>
-					</div>
 				</fieldset>

 				<h3>Mail</h3>