commit 3cc83b6f8b2f5adb5c1b776b6e092bf2babc9917
author avm99963 <me@avm99963.com> Sun Sep 27 21:03:44 2020 +0200
committer avm99963 <me@avm99963.com> Sun Sep 27 21:03:44 2020 +0200
tree 4744da6f8ae472091d8f343d9b4665412f2bcdf9
parent 80afa6861861b2d925c14dbadcedccf286506794

Corregit error de CORS

Quan s'intentava fer una petició CORS amb l'opció credentials: true no
es podia realitzar correctament perquè no s'establien les capçaleres
correctes.

Aquest commit soluciona aquest problema.

Change-Id: Ief13517d9ec034b8ba9169d5d317fe161bc13799

inc/API.php

diff --git a/inc/API.php b/inc/API.php
index a3607bb..b8aa454 100644
--- a/inc/API.php
+++ b/inc/API.php
@@ -50,13 +50,23 @@
     return $json;
   }
 
+  private static function setCORSHeaders() {
+    global $conf;
+    if ((isset($conf['allowAllOrigins']) && $conf['allowAllOrigins']) ||
+        (isset($conf['allowedOrigins']) &&
+        isset($_SERVER['HTTP_ORIGIN']) &&
+        in_array($_SERVER['HTTP_ORIGIN'], $conf['allowedOrigins']))) {
+      header('Access-Control-Allow-Origin: '.($_SERVER['HTTP_ORIGIN'] ?? '*'));
+      header('Access-Control-Allow-Credentials: true');
+    }
+  }
+
+
   public static function process($path) {
     global $conf;
 
     header('Content-Type: application/json');
-
-    if (isset($conf['allowedOrigin']) && !empty($conf['allowedOrigin']))
-      header('Access-Control-Allow-Origin: '.$conf['allowedOrigin']);
+    self::setCORSHeaders();
 
     $parts = explode('/', $path);
     $method = $parts[0] ?? '';