Merging API clean up from develop
commit
3d8c421f76
@ -0,0 +1,51 @@
|
||||
<?php
|
||||
|
||||
class handleCors
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
//check settings to see if external api access is allowed
|
||||
$config = new Settings();
|
||||
$settings = $config->getSettings();
|
||||
if ($settings["global"]["externalAPI"]) {
|
||||
//echo "API STATUS: " . $settings["global"]["externalAPI"];
|
||||
if ($settings["global"]["externalAPI"] == "true") {
|
||||
//echo "API ACCESS ACTIVE";
|
||||
// checks to see if origin is set
|
||||
if (isset($_SERVER["HTTP_ORIGIN"])) {
|
||||
// You can decide if the origin in $_SERVER['HTTP_ORIGIN'] is something you want to allow, or as we do here, just allow all
|
||||
header("Access-Control-Allow-Origin: {$_SERVER["HTTP_ORIGIN"]}");
|
||||
} else {
|
||||
//No HTTP_ORIGIN set, so we allow any. You can disallow if needed here
|
||||
//never allow just any domain, so turn CORS off if no No HTTP_ORIGIN is set
|
||||
//header("Access-Control-Allow-Origin: *");
|
||||
}
|
||||
|
||||
header("Access-Control-Allow-Credentials: true");
|
||||
header("Access-Control-Max-Age: 600"); // cache for 10 minutes
|
||||
|
||||
if ($_SERVER["REQUEST_METHOD"] == "OPTIONS") {
|
||||
if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_METHOD"])) {
|
||||
header(
|
||||
"Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT"
|
||||
);
|
||||
} //Make sure you remove those you do not want to support
|
||||
|
||||
if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"])) {
|
||||
header(
|
||||
"Access-Control-Allow-Headers: {$_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"]}"
|
||||
);
|
||||
}
|
||||
|
||||
//Just exit with 200 OK with the above headers for OPTIONS method
|
||||
exit(0);
|
||||
}
|
||||
} else {
|
||||
//echo "API ACCESS ACTIVE";
|
||||
}
|
||||
} else {
|
||||
//value doesn't exist, so whatevs
|
||||
//echo "API ACCESS VALUE NOT PRESENT";
|
||||
}
|
||||
}
|
||||
}
|
Before Width: | Height: | Size: 4.6 KiB After Width: | Height: | Size: 4.6 KiB |
File diff suppressed because one or more lines are too long
@ -1,4 +1,5 @@
|
||||
<?php
|
||||
|
||||
require "../vendor/autoload.php";
|
||||
include "../brain/App.inc.php";
|
||||
new App();
|
||||
|
Loading…
Reference in New Issue