Merge pull request #643 from cachethq/fix-api-cors

Handle CORS properly
James Brooks
2015-05-19 20:56:42 +01:00
8 changed files with 152 additions and 54 deletions


@@ -46,7 +46,6 @@ class Kernel extends HttpKernel
'login.throttling' => 'CachetHQ\Cachet\Http\Middleware\LoginThrottling',
'app.isSetup' => 'CachetHQ\Cachet\Http\Middleware\AppIsSetup',
'app.hasSetting' => 'CachetHQ\Cachet\Http\Middleware\HasSetting',
'allowedDomains' => 'CachetHQ\Cachet\Http\Middleware\AllowedDomains',
'cors' => 'CachetHQ\Cachet\Http\Middleware\Cors',
];
}


@@ -1,49 +0,0 @@
<?php
/*
* This file is part of Cachet.
*
* (c) James Brooks <james@cachethq.io>
* (c) Joseph Cohen <joseph.cohen@dinkbit.com>
* (c) Graham Campbell <graham@mineuk.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace CachetHQ\Cachet\Http\Middleware;
use CachetHQ\Cachet\Facades\Setting;
use Closure;
class AllowedDomains
{
/**
* Run the allowed domains middleware.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
// Always allow our own domain.
$ourDomain = Setting::get('app_domain');
$response->headers->set('Access-Control-Allow-Origin', $ourDomain);
// Should we allow anyone else?
if ($allowedDomains = Setting::get('allowed_domains')) {
$domains = explode(',', $allowedDomains);
foreach ($domains as $domain) {
$response->headers->set('Access-Control-Allow-Origin', $domain);
}
} else {
$response->headers->set('Access-Control-Allow-Origin', getenv('APP_URL'));
}
return $response;
}
}


@@ -25,7 +25,6 @@ class ApiRoutes
public function map(Registrar $router)
{
$router->group([
'middleware' => 'allowedDomains',
'namespace' => 'Api',
'prefix' => 'api/v1',
], function ($router) {
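Review bot: With the `'middleware' => 'allowedDomains'` entry removed, nothing in this route group refers to CORS any more, so the origin restriction now depends on the `'prefix' => 'api/v1',` here staying identical to the `api/v1/*` path key that the new config/cors.php defines. A comment on the prefix line such as `// CORS rules for this prefix live in config/cors.php under 'api/v1/*'` would keep the two from drifting apart when the API is versioned. The `map` method continues past the end of this hunk.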


@@ -36,6 +36,22 @@ class LoadConfigServiceProvider extends ServiceProvider
$segmentRepository = $this->app->make('CachetHQ\Cachet\Segment\RepositoryInterface');
$this->app->config->set('segment.write_key', $segmentRepository->fetch());
}
// Setup Cors.
$allowedOrigins = $this->app->config->get('cors.defaults.allowedOrigins');
$allowedOrigins[] = Setting::get('app_domain');
// Add our allowed domains too.
if ($allowedDomains = Setting::get('allowed_domains')) {
$domains = explode(',', $allowedDomains);
foreach ($domains as $domain) {
$allowedOrigins[] = $domain;
}
} else {
$allowedOrigins[] = getenv('APP_URL');
}
$this->app->config->set('cors.paths.api/v1/*.allowedOrigins', $allowedOrigins);
} catch (Exception $e) {
// Don't throw any errors, we may not be setup yet.
}
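Review bot: The split on the `$domains = explode(',', $allowedDomains);` line keeps surrounding whitespace and empty entries, so a setting such as `https://a.example, https://b.example` produces an origin with a leading space that will never equal a browser's `Origin` header, and a trailing comma adds an empty origin. Suggest `$domains = array_filter(array_map('trim', explode(',', $allowedDomains)));`. The `else` branch pushes `getenv('APP_URL')` unconditionally, which is `false` when the variable is unset, so guard it with `if ($appUrl = getenv('APP_URL')) { $allowedOrigins[] = $appUrl; }`. The enclosing method and its `try` begin before this hunk, and the catch-all `catch (Exception $e)` also hides a failure while reading these settings, in which case the `api/v1/*` entry keeps the empty `allowedOrigins` from config/cors.php and cross-origin requests are refused without any log line.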


@@ -25,7 +25,8 @@
"mccool/laravel-auto-presenter": "^3.0",
"pragmarx/google2fa": "^0.1",
"roumen/feed": "^2.9",
"watson/validating": "^1.0"
"watson/validating": "^1.0",
"barryvdh/laravel-cors": "0.5.x@dev"
},
"require-dev": {
"phpunit/phpunit": "^4.4",
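Review bot: The new requirement `"barryvdh/laravel-cors": "0.5.x@dev"` pins a development branch rather than a tagged release, which is why the lock file gains a `stability-flags` entry and records a bare commit reference; every future `composer update` will follow that branch head, so the CORS behaviour the API relies on can change without a version bump. Prefer a tagged constraint such as `"barryvdh/laravel-cors": "^0.5"` once the package publishes one, or state in the commit message why the dev branch is required. Until then the lock's `reference` hash gives reproducible installs only as long as the lock file stays committed and is not regenerated.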

98
composer.lock generated

@@ -4,8 +4,100 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "3f3ab385fbc40d0d67da0de8ee0f87ee",
"hash": "df9a3c00e4cbd84bfd177128b2d5d5cb",
"packages": [
{
"name": "asm89/stack-cors",
"version": "0.2.1",
"source": {
"type": "git",
"url": "https://github.com/asm89/stack-cors.git",
"reference": "2d77e77251a434e4527315313a672f5801b29fa2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/asm89/stack-cors/zipball/2d77e77251a434e4527315313a672f5801b29fa2",
"reference": "2d77e77251a434e4527315313a672f5801b29fa2",
"shasum": ""
},
"require": {
"php": ">=5.3.2",
"symfony/http-foundation": "~2.1",
"symfony/http-kernel": "~2.1"
},
"type": "library",
"autoload": {
"psr-0": {
"Asm89\\Stack": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Alexander",
"email": "iam.asm89@gmail.com"
}
],
"description": "Cross-origin resource sharing library and stack middleware",
"homepage": "https://github.com/asm89/stack-cors",
"keywords": [
"cors",
"stack"
],
"time": "2014-07-28 07:22:35"
},
{
"name": "barryvdh/laravel-cors",
"version": "dev-master",
"source": {
"type": "git",
"url": "https://github.com/barryvdh/laravel-cors.git",
"reference": "7de71aa777f38393365f98eccb44d8ae6c85a95a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/barryvdh/laravel-cors/zipball/7de71aa777f38393365f98eccb44d8ae6c85a95a",
"reference": "7de71aa777f38393365f98eccb44d8ae6c85a95a",
"shasum": ""
},
"require": {
"asm89/stack-cors": "0.2.x",
"illuminate/support": "~5.0.17",
"php": ">=5.4.0"
},
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "0.5-dev"
}
},
"autoload": {
"psr-4": {
"Barryvdh\\Cors\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Barry vd. Heuvel",
"email": "barryvdh@gmail.com"
}
],
"description": "Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application",
"keywords": [
"api",
"cors",
"crossdomain",
"laravel"
],
"time": "2015-04-03 18:27:34"
},
{
"name": "cachethq/segment",
"version": "2.0.0",
@@ -4316,7 +4408,9 @@
],
"aliases": [],
"minimum-stability": "stable",
"stability-flags": [],
"stability-flags": {
"barryvdh/laravel-cors": 20
},
"prefer-stable": false,
"prefer-lowest": false,
"platform": {


@@ -161,6 +161,7 @@ return [
'McCool\LaravelAutoPresenter\LaravelAutoPresenterServiceProvider',
'PragmaRX\Google2FA\Vendor\Laravel\ServiceProvider',
'Roumen\Feed\FeedServiceProvider',
'Barryvdh\Cors\CorsServiceProvider',
/*
* Application Service Providers...

37
config/cors.php Normal file

@@ -0,0 +1,37 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Laravel CORS Defaults
|--------------------------------------------------------------------------
|
| The defaults are the default values applied to all the paths that match,
| unless overridden in a specific URL configuration.
| If you want them to apply to everything, you must define a path with *.
|
| allowedOrigins, allowedHeaders and allowedMethods can be set to ['*']
| to accept any value, the allowed methods however have to be explicitly listed.
|
*/
'defaults' => [
'supportsCredentials' => true,
'allowedOrigins' => [],
'allowedHeaders' => [],
'allowedMethods' => [],
'exposedHeaders' => [],
'maxAge' => 0,
'hosts' => [],
],
'paths' => [
'api/v1/*' => [
'allowedOrigins' => [],
'allowedHeaders' => ['X-Cachet-Token'],
'allowedMethods' => ['*'],
'maxAge' => 3600,
],
],
];
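Review bot: The `'allowedMethods' => ['*'],` entry under `api/v1/*` contradicts the header comment in this same file, which says allowed methods have to be explicitly listed; one of the two is wrong, and if the package really does not expand `*` for methods, every preflighted request to the API is refused, so either list the verbs the API serves (e.g. `'allowedMethods' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],`) or correct the comment after confirming the package's handling of `*`. `'supportsCredentials' => true` combined with an origin list that is filled from the operator-editable `allowed_domains` setting means that an operator who enters `*` there may end up granting credentialed cross-origin access to every site, depending on how the library reflects the `Origin` header for a wildcard; a comment such as `// supportsCredentials plus a wildcard origin would let any site send cookies; never set allowed_domains to '*'` on the `supportsCredentials` line, and a reject of `*` where the setting is applied, would make that explicit. `'allowedHeaders' => ['X-Cachet-Token'],` does not list `Content-Type`, so a cross-origin JSON request with a non-simple content type will presumably fail preflight unless the library adds it implicitly — worth confirming before release. The file also lacks the copyright header the other PHP files in this repository carry.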