From d509bbd160c3c2d294e0a0091c01ae2ea1b4188f Mon Sep 17 00:00:00 2001 From: brantje Date: Thu, 19 Jan 2017 13:39:01 +0100 Subject: [PATCH] Fix cors headers --- controller/credentialcontroller.php | 7 ++++++- controller/filecontroller.php | 7 ++++++- controller/internalcontroller.php | 7 ++++++- controller/settingscontroller.php | 7 ++++++- controller/sharecontroller.php | 7 ++++++- controller/translationcontroller.php | 7 ++++++- controller/vaultcontroller.php | 2 +- lib/AppInfo/Application.php | 4 ++++ middleware/apimiddleware.php | 29 ++++++++++++++++++++++++++++ 9 files changed, 70 insertions(+), 7 deletions(-) create mode 100644 middleware/apimiddleware.php diff --git a/controller/credentialcontroller.php b/controller/credentialcontroller.php index 5da657c5..7d47ecd4 100644 --- a/controller/credentialcontroller.php +++ b/controller/credentialcontroller.php @@ -47,7 +47,12 @@ class CredentialController extends ApiController { SettingsService $settings ) { - parent::__construct($AppName, $request); + parent::__construct( + $AppName, + $request, + 'GET, POST, DELETE, PUT, PATCH, OPTIONS', + 'Authorization, Content-Type, Accept', + 86400); $this->userId = $userId; $this->credentialService = $credentialService; $this->activityService = $activityService; diff --git a/controller/filecontroller.php b/controller/filecontroller.php index 7a025516..c2d151a8 100644 --- a/controller/filecontroller.php +++ b/controller/filecontroller.php @@ -24,7 +24,12 @@ class FileController extends ApiController { IRequest $request, $UserId, FileService $fileService){ - parent::__construct($AppName, $request); + parent::__construct( + $AppName, + $request, + 'GET, POST, DELETE, PUT, PATCH, OPTIONS', + 'Authorization, Content-Type, Accept', + 86400); $this->userId = $UserId; $this->fileService = $fileService; } diff --git a/controller/internalcontroller.php b/controller/internalcontroller.php index 5bbad891..7e7bfa07 100644 --- a/controller/internalcontroller.php 
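Review bot: The three CORS arguments added to `parent::__construct()` in CredentialController are repeated verbatim in the FileController, InternalController, SettingsController, ShareController and TranslationController hunks, so together with VaultController the app's cross-origin policy now lives in seven separate sets of string literals. The VaultController hunk in this same commit shows the cost: its method list had already drifted and lacked `OPTIONS`. Defining the values once, for example as constants on a shared base controller, and passing those would keep the policy reviewable in one place. A comment at that definition, such as `// CORS policy for the API: allowed methods, allowed request headers, preflight max-age in seconds`, would also explain the bare `86400`. All of these constructors start and end outside their hunks.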
+++ b/controller/internalcontroller.php @@ -29,7 +29,12 @@ class InternalController extends ApiController { CredentialService $credentialService, IConfig $config ) { - parent::__construct($AppName, $request); + parent::__construct( + $AppName, + $request, + 'GET, POST, DELETE, PUT, PATCH, OPTIONS', + 'Authorization, Content-Type, Accept', + 86400); $this->userId = $UserId; $this->credentialService = $credentialService; $this->config = $config; diff --git a/controller/settingscontroller.php b/controller/settingscontroller.php index 50a2ac7c..578fd512 100644 --- a/controller/settingscontroller.php +++ b/controller/settingscontroller.php @@ -29,7 +29,12 @@ class SettingsController extends ApiController { $userId, SettingsService $settings, IL10N $l) { - parent::__construct($AppName, $request); + parent::__construct( + $AppName, + $request, + 'GET, POST, DELETE, PUT, PATCH, OPTIONS', + 'Authorization, Content-Type, Accept', + 86400); $this->settings = $settings; $this->l = $l; $this->userId = $userId; diff --git a/controller/sharecontroller.php b/controller/sharecontroller.php index 7c921b53..d27c185f 100644 --- a/controller/sharecontroller.php +++ b/controller/sharecontroller.php @@ -61,7 +61,12 @@ class ShareController extends ApiController { FileService $fileService, SettingsService $config ) { - parent::__construct($AppName, $request); + parent::__construct( + $AppName, + $request, + 'GET, POST, DELETE, PUT, PATCH, OPTIONS', + 'Authorization, Content-Type, Accept', + 86400); $this->userId = $UserId; $this->userManager = $userManager; diff --git a/controller/translationcontroller.php b/controller/translationcontroller.php index 4bfcabf8..7fdb59c5 100644 --- a/controller/translationcontroller.php +++ b/controller/translationcontroller.php 
@@ -23,7 +23,12 @@ class TranslationController extends ApiController { IRequest $request, IL10N $trans ) { - parent::__construct($AppName, $request); + parent::__construct( + $AppName, + $request, + 'GET, POST, DELETE, PUT, PATCH, OPTIONS', + 'Authorization, Content-Type, Accept', + 86400); $this->trans = $trans; } diff --git a/controller/vaultcontroller.php b/controller/vaultcontroller.php index 4bd2140e..44cf89da 100644 --- a/controller/vaultcontroller.php +++ b/controller/vaultcontroller.php @@ -37,7 +37,7 @@ class VaultController extends ApiController { parent::__construct( $AppName, $request, - 'GET, POST, DELETE, PUT, PATCH', + 'GET, POST, DELETE, PUT, PATCH, OPTIONS', 'Authorization, Content-Type, Accept', 86400); $this->userId = $UserId; diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php index 01456292..e89f2661 100644 --- a/lib/AppInfo/Application.php +++ b/lib/AppInfo/Application.php @@ -29,6 +29,7 @@ use OCA\Passman\Controller\CredentialController; use OCA\Passman\Controller\PageController; use OCA\Passman\Controller\ShareController; use OCA\Passman\Controller\VaultController; +use OCA\Passman\Middleware\APIMiddleware; use OCA\Passman\Middleware\ShareMiddleware; use OCA\Passman\Service\ActivityService; use OCA\Passman\Service\CronService; @@ -109,6 +110,8 @@ class Application extends App { return $c->query('ServerContainer')->getLogger(); }); + $container->registerMiddleware('APIMiddleware'); + // Aliases for the controllers so we can use the automatic DI $container->registerAlias('CredentialController', CredentialController::class); $container->registerAlias('PageController', PageController::class); @@ -124,6 +127,7 @@ class Application extends App { $container->registerAlias('IDBConnection', IDBConnection::class); $container->registerAlias('IConfig', IConfig::class); $container->registerAlias('SettingsService', SettingsService::class); + $container->registerAlias('APIMiddleware', APIMiddleware::class); } /** 
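Review bot: `$container->registerMiddleware('APIMiddleware');` in lib/AppInfo/Application.php attaches the new middleware to every controller resolved from this container, not only to the API controllers changed in this commit. The middleware added in middleware/apimiddleware.php sets `Access-Control-Allow-Origin` on any JSONResponse, so endpoints that were presumably never meant to be read cross-origin get the header too. Either have the middleware act only on controllers or methods that opt in to CORS, or at least document the scope at the registration, for example `// Runs for all controllers of this app: adds the CORS origin header to JSON responses`. The enclosing method starts and ends outside these hunks.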
diff --git a/middleware/apimiddleware.php b/middleware/apimiddleware.php new file mode 100644 index 00000000..7c0d914e --- /dev/null +++ b/middleware/apimiddleware.php @@ -0,0 +1,29 @@ +request = $request; + } + + public function afterController($controller, $methodName, Response $response) { + if($response instanceof JSONResponse){ + $origin = $this->request->server['HTTP_ORIGIN']; + if($origin) { + $response->addHeader('Access-Control-Allow-Origin', $origin); + } + } + return parent::afterController($controller, $methodName, $response); + } +} + +
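Review bot: `afterController` copies whatever `Origin` value the client sent into `Access-Control-Allow-Origin` for every JSONResponse, so every origin is treated as trusted. For a password manager the origins allowed to read API responses should be an explicit, administrator-approved allowlist; how much the reflection exposes depends on how requests are authenticated, which is not visible here. A response whose header depends on the request origin also needs `Vary: Origin`, so that a shared cache does not replay one origin's header to another. Separately, `$this->request->server['HTTP_ORIGIN']` is read without an `isset()` check, which raises an undefined-index notice on requests that carry no Origin header. The class header and constructor are cut off in this view of the file, so the fence shows only the rewritten method body and uses a labelled placeholder for the allowlist.

```php
public function afterController($controller, $methodName, Response $response) {
    if($response instanceof JSONResponse){
        $origin = isset($this->request->server['HTTP_ORIGIN'])
            ? $this->request->server['HTTP_ORIGIN']
            : null;
        // PLACEHOLDER: $allowedOrigins stands for an admin-configured list of trusted origins (not part of this commit)
        if($origin !== null && in_array($origin, $allowedOrigins, true)) {
            $response->addHeader('Access-Control-Allow-Origin', $origin);
            $response->addHeader('Vary', 'Origin');
        }
    }
    // … unchanged: return parent::afterController(...) …
```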