forked from GNUsocial/gnu-social
Change a few things around for CORS header output
This commit is contained in:
parent
cb183359e2
commit
969a558339
@ -44,6 +44,7 @@ class HostMetaAction extends Action
|
||||
function handle()
|
||||
{
|
||||
parent::handle();
|
||||
common_debug("GARGARGAR");
|
||||
|
||||
$domain = common_config('site', 'server');
|
||||
|
||||
@ -59,11 +60,13 @@ class HostMetaAction extends Action
|
||||
Event::handle('EndHostMetaLinks', array(&$xrd->links));
|
||||
}
|
||||
|
||||
global $config;
|
||||
if($config['site']['cors'] === true){
|
||||
// Output Cross-Origin Resource Sharing (CORS) header
|
||||
if (common_config('discovery', 'cors')) {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
}
|
||||
|
||||
header('Content-type: application/xrd+xml');
|
||||
|
||||
print $xrd->toXML();
|
||||
}
|
||||
}
|
||||
|
@ -31,9 +31,6 @@ class UserxrdAction extends XrdAction
|
||||
{
|
||||
parent::prepare($args);
|
||||
global $config;
|
||||
if($config['site']['cors'] === true){
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
}
|
||||
|
||||
$this->uri = $this->trimmed('uri');
|
||||
$this->uri = self::normalize($this->uri);
|
||||
|
@ -40,8 +40,12 @@ $config['site']['path'] = 'statusnet';
|
||||
// $config['site']['inviteonly'] = true;
|
||||
// Make the site invisible to non-logged-in users
|
||||
// $config['site']['private'] = true;
|
||||
// Allow Cross-Origin Resource Sharing
|
||||
// $config['site']['cors'] = true;
|
||||
|
||||
// Allow Cross-Origin Resource Sharing (CORS) for service discovery
|
||||
// (host-meta, XRD, etc.) Useful for AJAXy client applications. Should
|
||||
// probably NOT be on for private / intranet sites but OK for public sites.
|
||||
// Default is off.
|
||||
// $config['discovery']['cors'] = true;
|
||||
|
||||
// If your web server supports X-Sendfile (Apache with mod_xsendfile,
|
||||
// lighttpd, nginx), you can enable X-Sendfile support for better
|
||||
|
@ -61,7 +61,6 @@ $default =
|
||||
'textlimit' => 140,
|
||||
'indent' => true,
|
||||
'use_x_sendfile' => false,
|
||||
'cors' => true,
|
||||
'notice' => null, // site wide notice text
|
||||
'build' => 1, // build number, for code-dependent cache
|
||||
'minify' => true, // true to use the minified versions of JS files; false to use orig files. Can aid during development
|
||||
@ -350,4 +349,6 @@ $default =
|
||||
),
|
||||
'router' =>
|
||||
array('cache' => true), // whether to cache the router object. Defaults to true, turn off for devel
|
||||
'discovery' =>
|
||||
array('cors' => false) // Allow Cross-Origin Resource Sharing for service discovery (host-meta, XRD, etc.)
|
||||
);
|
||||
|
@ -117,7 +117,12 @@ class XrdAction extends Action
|
||||
Event::handle('EndXrdActionLinks', array(&$xrd, $this->user));
|
||||
}
|
||||
|
||||
if (common_config('discovery', 'cors')) {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
}
|
||||
|
||||
header('Content-type: application/xrd+xml');
|
||||
|
||||
print $xrd->toXML();
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user