Add CORS header support

This commit is contained in:
Starbeamrainbowlabs 2020-05-21 19:16:30 +01:00
parent 552a640600
commit 78aed87ddd
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
3 changed files with 23 additions and 0 deletions

View file

@ -9,10 +9,16 @@ This is the changelog for the air quality web interface and its associated HTTP
- `[Code]` refers to internal changes to the code that have no direct impact on the web interface or the HTTP API, but are significant enough to warrant note.
- `[Docs]` refers to changes to the [documentation](https://aq.connectedhumber.org/__nightdocs/00-Welcome.html).
## v0.13.6
- [Code] Add option to allow cross-origin-request sharing HTTP API requests
## v0.13.5
- Disable the tour, as it's now causing a crash on startup :-(
- [API] Don't return devices in the device lists that have the `visible` flag in the database set to `0`
## v0.13.4
- [API] Fix crash in `list-devices-near` action

View file

@ -78,6 +78,10 @@ if(!class_exists($handler_name)) {
exit("Error: No action with the name '$action' could be found.");
}
if($settings->get("http.cors") !== false) {
header("access-control-allow-origin: " . $settings->get("http.cors"));
}
$handler = $di_container->get($handler_name);
$perfcounter->start("handle");

View file

@ -7,6 +7,19 @@
# The operating mode. Can be either "development", or "production" (default; activates a number of optimisations which might make development harder, such as 3rd-party library caches)
mode = "production"
[http]
# HTTP related settings
# Whether to enable cross-origin-request-sharing. This allows HTTP API queries
# from origins other than that of the origin of the HTTP API itself.
# For example, if the HTTP API is running on sensors.connectedhumber.org, then
# Without CORS a client-side Javascript program running on foo.example.com would
# not be able to request data.
# Possible values: false (disabled), a string (an origin to allow; set via the access-control-allow-origin header), or the special string "*" (allows all origins)
cors = false
# cors = "subdomain.example.com"
# cors = "*"
[database]
# Settings that control the database, or the connection to it