Add CORS header support

Starbeamrainbowlabs 3 years ago
parent 552a640600
commit 78aed87ddd
Signed by: sbrl
GPG Key ID: 1BE5172E637709C2

@ -9,10 +9,16 @@ This is the changelog for the air quality web interface and its associated HTTP
- `[Code]` refers to internal changes to the code that have no direct impact on the web interface or the HTTP API, but are significant enough to warrant note.
- `[Docs]` refers to changes to the [documentation](
## v0.13.6
- [Code] Add option to allow cross-origin-request sharing HTTP API requests
## v0.13.5
- Disable the tour, as it's now causing a crash on startup :-(
- [API] Don't return devices in the device lists that have the `visible` flag in the database set to `0`
## v0.13.4
- [API] Fix crash in `list-devices-near` action

@ -78,6 +78,10 @@ if(!class_exists($handler_name)) {
exit("Error: No action with the name '$action' could be found.");
if($settings->get("http.cors") !== false) {
header("access-control-allow-origin: " . $settings->get("http.cors"));
$handler = $di_container->get($handler_name);

@ -7,6 +7,19 @@
# The operating mode. Can be either "development", or "production" (default; activates a number of optimisations which might make development harder, such as 3rd-party library caches)
mode = "production"
# HTTP related settings
# Whether to enable cross-origin-request-sharing. This allows HTTP API queries
# from origins other than that of the origin of the HTTP API itself.
# For example, if the HTTP API is running on, then
# Without CORS a client-side Javascript program running on would
# not be able to request data.
# Possible values: false (disabled), a string (an origin to allow; set via the access-control-allow-origin header), or the special string "*" (allows all origins)
cors = false
# cors = ""
# cors = "*"
# Settings that control the database, or the connection to it