Access-Control-Allow-Origin setting works. Closes #72
This commit is contained in:
@@ -3,6 +3,7 @@
|
|||||||
Route::filter('is_setup', 'IsSetupFilter');
|
Route::filter('is_setup', 'IsSetupFilter');
|
||||||
Route::filter('has_setting', 'HasSettingFilter');
|
Route::filter('has_setting', 'HasSettingFilter');
|
||||||
Route::filter('cors', 'CORSFilter');
|
Route::filter('cors', 'CORSFilter');
|
||||||
|
Route::filter('allowed_domains', 'AllowedDomainsFilter');
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
|
|||||||
@@ -0,0 +1,19 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
class AllowedDomainsFilter {
|
||||||
|
public function filter($route, $request, $response) {
|
||||||
|
// Always allow our own domain.
|
||||||
|
$ourDomain = Setting::get('app_domain');
|
||||||
|
$response->headers->set('Access-Control-Allow-Origin', $ourDomain);
|
||||||
|
|
||||||
|
// Should we allow anyone else?
|
||||||
|
if ($setting = Setting::get('allowed_domains')) {
|
||||||
|
$domains = explode(',', $setting);
|
||||||
|
foreach ($domains as $domain) {
|
||||||
|
$response->headers->set('Access-Control-Allow-Origin', $domain);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $response;
|
||||||
|
}
|
||||||
|
}
|
||||||
+5
-1
@@ -1,6 +1,10 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
Route::api(['version' => 'v1', 'namespace' => 'CachetHQ\Cachet\Controllers\Api'], function() {
|
Route::api([
|
||||||
|
'version' => 'v1',
|
||||||
|
'namespace' => 'CachetHQ\Cachet\Controllers\Api',
|
||||||
|
'after' => 'allowed_domains'
|
||||||
|
], function() {
|
||||||
Route::get('components', 'ComponentController@getComponents');
|
Route::get('components', 'ComponentController@getComponents');
|
||||||
Route::get('components/{id}', 'ComponentController@getComponent');
|
Route::get('components/{id}', 'ComponentController@getComponent');
|
||||||
Route::get('components/{id}/incidents', 'ComponentController@getComponentIncidents');
|
Route::get('components/{id}/incidents', 'ComponentController@getComponentIncidents');
|
||||||
|
|||||||
+1
-1
@@ -7,7 +7,7 @@ Route::group(['before' => 'has_setting:app_name'], function() {
|
|||||||
});
|
});
|
||||||
|
|
||||||
// Setup route.
|
// Setup route.
|
||||||
Route::group(['before' => 'no_setup:app_name'], function() {
|
Route::group(['before' => 'is_setup'], function() {
|
||||||
Route::controller('/setup', 'SetupController');
|
Route::controller('/setup', 'SetupController');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|||||||
@@ -30,10 +30,6 @@
|
|||||||
<label>Allowed Domains <em>Comma Seperated</em></label>
|
<label>Allowed Domains <em>Comma Seperated</em></label>
|
||||||
<textarea class='form-control' name='allowed_domains' rows='5' placeholder='http://cachet.io, http://cachet.herokuapp.com'>{{ Setting::get('allowed_domains') }}</textarea>
|
<textarea class='form-control' name='allowed_domains' rows='5' placeholder='http://cachet.io, http://cachet.herokuapp.com'>{{ Setting::get('allowed_domains') }}</textarea>
|
||||||
</div>
|
</div>
|
||||||
<div class='form-group'>
|
|
||||||
<label>Disallowed Domains <em>Comma Seperated</em></label>
|
|
||||||
<textarea class='form-control' name='disallowed_domains' rows='5' placeholder='http://cachetfake.io, http://cachetfake.herokuapp.com'>{{ Setting::get('disallowed_domains') }}</textarea>
|
|
||||||
</div>
|
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
|
||||||
<h3>Mail</h3>
|
<h3>Mail</h3>
|
||||||
|
|||||||
Reference in New Issue
Block a user