forked from GNUsocial/gnu-social
		
	Change a few things around for CORS header output
This commit is contained in:
		| @@ -44,6 +44,7 @@ class HostMetaAction extends Action | ||||
|     function handle() | ||||
|     { | ||||
|         parent::handle(); | ||||
|         common_debug("GARGARGAR"); | ||||
|  | ||||
|         $domain = common_config('site', 'server'); | ||||
|  | ||||
| @@ -59,11 +60,13 @@ class HostMetaAction extends Action | ||||
|             Event::handle('EndHostMetaLinks', array(&$xrd->links)); | ||||
|         } | ||||
|  | ||||
|         global $config; | ||||
|         if($config['site']['cors'] === true){ | ||||
|         // Output Cross-Origin Resource Sharing (CORS) header | ||||
|         if (common_config('discovery', 'cors')) { | ||||
|             header('Access-Control-Allow-Origin: *'); | ||||
|         } | ||||
|  | ||||
|         header('Content-type: application/xrd+xml'); | ||||
|  | ||||
|         print $xrd->toXML(); | ||||
|     } | ||||
| } | ||||
|   | ||||
| @@ -31,9 +31,6 @@ class UserxrdAction extends XrdAction | ||||
|     { | ||||
|         parent::prepare($args); | ||||
|         global $config; | ||||
|         if($config['site']['cors'] === true){ | ||||
|             header('Access-Control-Allow-Origin: *'); | ||||
|         } | ||||
|  | ||||
|         $this->uri = $this->trimmed('uri'); | ||||
|         $this->uri = self::normalize($this->uri); | ||||
|   | ||||
| @@ -40,8 +40,12 @@ $config['site']['path'] = 'statusnet'; | ||||
| // $config['site']['inviteonly'] = true; | ||||
| // Make the site invisible to  non-logged-in users | ||||
| // $config['site']['private'] = true; | ||||
| // Allow Cross-Origin Resource Sharing | ||||
| // $config['site']['cors'] = true; | ||||
|  | ||||
| // Allow Cross-Origin Resource Sharing (CORS) for service discovery | ||||
| // (host-meta, XRD, etc.) Useful for AJAXy client applications. Should | ||||
| // probably NOT be on for private / intranet sites but OK for public sites. | ||||
| // Default is off. | ||||
| // $config['discovery']['cors'] = true; | ||||
|  | ||||
| // If your web server supports X-Sendfile (Apache with mod_xsendfile, | ||||
| // lighttpd, nginx), you can enable X-Sendfile support for better | ||||
|   | ||||
| @@ -61,7 +61,6 @@ $default = | ||||
|               'textlimit' => 140, | ||||
|               'indent' => true, | ||||
|               'use_x_sendfile' => false, | ||||
|               'cors' => true, | ||||
|               'notice' => null, // site wide notice text | ||||
|               'build' => 1, // build number, for code-dependent cache | ||||
|               'minify' => true, // true to use the minified versions of JS files; false to use orig files. Can aid during development | ||||
| @@ -350,4 +349,6 @@ $default = | ||||
|               ), | ||||
|         'router' => | ||||
|         array('cache' => true), // whether to cache the router object. Defaults to true, turn off for devel | ||||
|         'discovery' => | ||||
|         array('cors' => false) // Allow Cross-Origin Resource Sharing for service discovery (host-meta, XRD, etc.) | ||||
|     ); | ||||
|   | ||||
| @@ -117,7 +117,12 @@ class XrdAction extends Action | ||||
|             Event::handle('EndXrdActionLinks', array(&$xrd, $this->user)); | ||||
|         } | ||||
|  | ||||
|         if (common_config('discovery', 'cors')) { | ||||
|             header('Access-Control-Allow-Origin: *'); | ||||
|         } | ||||
|  | ||||
|         header('Content-type: application/xrd+xml'); | ||||
|  | ||||
|         print $xrd->toXML(); | ||||
|     } | ||||
|  | ||||
|   | ||||
		Reference in New Issue
	
	Block a user