mirror of
https://github.com/openvk/openvk
synced 2024-12-23 09:01:15 +03:00
Correct CORS behaviour for API routes
This commit is contained in:
parent
3fa401bf5d
commit
c193edc3d4
1 changed files with 11 additions and 0 deletions
|
@ -63,7 +63,18 @@ final class VKAPIPresenter extends OpenVKPresenter
|
||||||
if($refOrigin !== false)
|
if($refOrigin !== false)
|
||||||
$origin = $refOrigin;
|
$origin = $refOrigin;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!is_null($this->queryParam("requestPort")))
|
||||||
|
$origin .= ":" . ((int) $this->queryParam("requestPort"));
|
||||||
|
|
||||||
header("Access-Control-Allow-Origin: $origin");
|
header("Access-Control-Allow-Origin: $origin");
|
||||||
|
|
||||||
|
if($_SERVER["REQUEST_METHOD"] === "OPTIONS") {
|
||||||
|
header("Access-Control-Allow-Methods: POST, PUT, DELETE");
|
||||||
|
header("Access-Control-Allow-Headers: " . $_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"]);
|
||||||
|
header("Access-Control-Max-Age: -1");
|
||||||
|
exit; # Terminate request processing as this is definitely a CORS preflight request.
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function renderRoute(string $object, string $method): void
|
function renderRoute(string $object, string $method): void
|
||||||
|
|
Loading…
Reference in a new issue