From 5c1f64969ee35aba481e46319084d0a803778578 Mon Sep 17 00:00:00 2001
From: Awilum
Date: Mon, 20 Apr 2020 21:46:11 +0300
Subject: [PATCH] feat(core): Enable lazy CORS for all routes.
---
 src/flextype/bootstrap.php | 15 ++++
 src/flextype/endpoints/delivery/entries.php | 15 ++--
 src/flextype/endpoints/delivery/registry.php | 15 ++--
 src/flextype/endpoints/images/images.php | 12 +--
 src/flextype/endpoints/management/entries.php | 90 +++++++------------
 5 files changed, 59 insertions(+), 88 deletions(-)
diff --git a/src/flextype/bootstrap.php b/src/flextype/bootstrap.php
index 7de10bbe..c3df0ef8 100755
--- a/src/flextype/bootstrap.php
+++ b/src/flextype/bootstrap.php
@@ -163,6 +163,21 @@ date_default_timezone_set($flextype['registry']->get('flextype.settings.timezone
 */
 $flextype['plugins']->init($flextype, $app);
 
+/**
+ * Enable lazy CORS
+ */
+$app->options('/{routes:.+}', function ($request, $response, $args) {
+ return $response;
+});
+
+$app->add(function ($req, $res, $next) {
+ $response = $next($req, $res);
+ return $response
+ ->withHeader('Access-Control-Allow-Origin', '*')
+ ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
+ ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');
+});
+
 /**
 * Run application
 */
diff --git a/src/flextype/endpoints/delivery/entries.php b/src/flextype/endpoints/delivery/entries.php
index a45ed43f..56873b36 100644
--- a/src/flextype/endpoints/delivery/entries.php
+++ b/src/flextype/endpoints/delivery/entries.php
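Review bot: The middleware added in bootstrap.php sets `Access-Control-Allow-Origin: *` on every response after `$next()` returns, and because `withHeader()` replaces existing values it also overwrites any narrower origin that a route or plugin set downstream. Together with the catch-all `OPTIONS` route and `Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS`, preflights now succeed for the write routes under `/api/management/entries`, so from a browser the access token is the only remaining barrier to cross-origin writes; how tokens are issued and transmitted is not visible in this patch and should be checked against that exposure. I would read the allowed origin from the registry (the key in the sketch below is a placeholder, not an existing setting), send no CORS header when none is configured or one is already present, and consider scoping the middleware to the `/api/` routes rather than all routes. The `/{routes:.+}` handler also returns the untouched response (presumably a 200) to `OPTIONS` on paths that have no route at all.

```php
$app->add(function ($req, $res, $next) use ($flextype) {
    $response = $next($req, $res);

    // Keep a narrower policy that a route or plugin already set.
    if ($response->hasHeader('Access-Control-Allow-Origin')) {
        return $response;
    }

    // Placeholder key: this patch does not define a CORS setting name.
    $origin = $flextype['registry']->get('<CORS_ALLOWED_ORIGIN_SETTING>');
    if (empty($origin)) {
        // No origin configured: emit no CORS headers instead of a wildcard.
        return $response;
    }

    $response = $response->withHeader('Access-Control-Allow-Origin', $origin);
    // … unchanged: Access-Control-Allow-Headers and Access-Control-Allow-Methods, then return …
});
```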
@@ -78,27 +78,22 @@ $app->get('/api/delivery/entries', function (Request $request, Response $respons // Return response return $response - ->withJson($api_sys_messages['NotFound'], $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['NotFound'], $response_code); } // Return response return $response - ->withJson($response_data, $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($response_data, $response_code); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); }); diff --git a/src/flextype/endpoints/delivery/registry.php b/src/flextype/endpoints/delivery/registry.php index 5f1fa69e..7770f3e8 100644 --- a/src/flextype/endpoints/delivery/registry.php +++ b/src/flextype/endpoints/delivery/registry.php 
@@ -82,27 +82,22 @@ $app->get('/api/delivery/registry', function (Request $request, Response $respon // Return response return $response - ->withJson($api_sys_messages['NotFound'], $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['NotFound'], $response_code); } // Return response return $response - ->withJson($response_data, $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($response_data, $response_code); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); }); diff --git a/src/flextype/endpoints/images/images.php b/src/flextype/endpoints/images/images.php index df274bf7..a682bce7 100644 --- a/src/flextype/endpoints/images/images.php +++ b/src/flextype/endpoints/images/images.php 
@@ -75,21 +75,17 @@ $app->get('/api/images/{path:.+}', function (Request $request, Response $respons } return $response - ->withJson($api_sys_messages['NotFound'], 404) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['NotFound'], 404); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); }); diff --git a/src/flextype/endpoints/management/entries.php b/src/flextype/endpoints/management/entries.php index 264948f4..8c9c7aa3 100644 --- a/src/flextype/endpoints/management/entries.php +++ b/src/flextype/endpoints/management/entries.php 
@@ -84,29 +84,24 @@ $app->get('/api/management/entries', function (Request $request, Response $respo // Return response return $response - ->withJson($api_sys_messages['NotFound'], $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['NotFound'], $response_code); } // Return response return $response - ->withJson($response_data, $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($response_data, $response_code); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); }); 
@@ -175,29 +170,24 @@ $app->post('/api/management/entries', function (Request $request, Response $resp // Return response return $response - ->withJson($api_sys_messages['NotFound'], $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['NotFound'], $response_code); } // Return response return $response - ->withJson($response_data, $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($response_data, $response_code); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); }); /** 
@@ -265,29 +255,24 @@ $app->patch('/api/management/entries', function (Request $request, Response $res // Return response return $response - ->withJson($api_sys_messages['NotFound'], $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['NotFound'], $response_code); } // Return response return $response - ->withJson($response_data, $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($response_data, $response_code); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); }); /** 
@@ -356,29 +341,24 @@ $app->put('/api/management/entries', function (Request $request, Response $respo // Return response return $response - ->withJson($api_sys_messages['NotFound'], $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['NotFound'], $response_code); } // Return response return $response - ->withJson($response_data, $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($response_data, $response_code); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); }); /** 
@@ -447,29 +427,24 @@ $app->put('/api/management/entries/copy', function (Request $request, Response $ // Return response return $response - ->withJson($api_sys_messages['NotFound'], $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['NotFound'], $response_code); } // Return response return $response - ->withJson($response_data, $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($response_data, $response_code); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); }); /** 
@@ -529,27 +504,22 @@ $app->delete('/api/management/entries', function (Request $request, Response $re // Return response return $response - ->withJson($api_sys_messages['NotFound'], $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['NotFound'], $response_code); } // Return response return $response - ->withJson($delete_entry, $response_code) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($delete_entry, $response_code); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); } return $response - ->withJson($api_sys_messages['AccessTokenInvalid'], 401) - ->withHeader('Access-Control-Allow-Origin', '*'); + ->withJson($api_sys_messages['AccessTokenInvalid'], 401); });