mirror of
https://github.com/ConnectedHumber/Air-Quality-Web
synced 2024-12-24 10:45:02 +00:00
Add CORS header support
This commit is contained in:
parent
552a640600
commit
78aed87ddd
3 changed files with 23 additions and 0 deletions
|
@ -9,10 +9,16 @@ This is the changelog for the air quality web interface and its associated HTTP
|
|||
- `[Code]` refers to internal changes to the code that have no direct impact on the web interface or the HTTP API, but are significant enough to warrant note.
|
||||
- `[Docs]` refers to changes to the [documentation](https://aq.connectedhumber.org/__nightdocs/00-Welcome.html).
|
||||
|
||||
|
||||
## v0.13.6
|
||||
- [Code] Add option to allow cross-origin-request sharing HTTP API requests
|
||||
|
||||
|
||||
## v0.13.5
|
||||
- Disable the tour, as it's now causing a crash on startup :-(
|
||||
- [API] Don't return devices in the device lists that have the `visible` flag in the database set to `0`
|
||||
|
||||
|
||||
## v0.13.4
|
||||
- [API] Fix crash in `list-devices-near` action
|
||||
|
||||
|
|
4
api.php
4
api.php
|
@ -78,6 +78,10 @@ if(!class_exists($handler_name)) {
|
|||
exit("Error: No action with the name '$action' could be found.");
|
||||
}
|
||||
|
||||
if($settings->get("http.cors") !== false) {
|
||||
header("access-control-allow-origin: " . $settings->get("http.cors"));
|
||||
}
|
||||
|
||||
$handler = $di_container->get($handler_name);
|
||||
|
||||
$perfcounter->start("handle");
|
||||
|
|
|
@ -7,6 +7,19 @@
|
|||
# The operating mode. Can be either "development", or "production" (default; activates a number of optimisations which might make development harder, such as 3rd-party library caches)
|
||||
mode = "production"
|
||||
|
||||
[http]
|
||||
# HTTP related settings
|
||||
|
||||
# Whether to enable cross-origin-request-sharing. This allows HTTP API queries
|
||||
# from origins other than that of the origin of the HTTP API itself.
|
||||
# For example, if the HTTP API is running on sensors.connectedhumber.org, then
|
||||
# Without CORS a client-side Javascript program running on foo.example.com would
|
||||
# not be able to request data.
|
||||
# Possible values: false (disabled), a string (an origin to allow; set via the access-control-allow-origin header), or the special string "*" (allows all origins)
|
||||
cors = false
|
||||
# cors = "subdomain.example.com"
|
||||
# cors = "*"
|
||||
|
||||
[database]
|
||||
# Settings that control the database, or the connection to it
|
||||
|
||||
|
|
Loading…
Reference in a new issue