Browse Source

Add CORS header support

pull/65/head
Starbeamrainbowlabs 2 years ago
parent
commit
78aed87ddd
Signed by: sbrl GPG Key ID: 1BE5172E637709C2
  1. 6
      Changelog.md
  2. 4
      api.php
  3. 13
      settings.default.toml

6
Changelog.md

@ -9,10 +9,16 @@ This is the changelog for the air quality web interface and its associated HTTP
- `[Code]` refers to internal changes to the code that have no direct impact on the web interface or the HTTP API, but are significant enough to warrant note.
- `[Docs]` refers to changes to the [documentation](https://aq.connectedhumber.org/__nightdocs/00-Welcome.html).
## v0.13.6
- [Code] Add option to allow cross-origin-request sharing HTTP API requests
## v0.13.5
- Disable the tour, as it's now causing a crash on startup :-(
- [API] Don't return devices in the device lists that have the `visible` flag in the database set to `0`
## v0.13.4
- [API] Fix crash in `list-devices-near` action

4
api.php

@ -78,6 +78,10 @@ if(!class_exists($handler_name)) {
exit("Error: No action with the name '$action' could be found.");
}
if($settings->get("http.cors") !== false) {
header("access-control-allow-origin: " . $settings->get("http.cors"));
}
$handler = $di_container->get($handler_name);
$perfcounter->start("handle");

13
settings.default.toml

@ -7,6 +7,19 @@
# The operating mode. Can be either "development", or "production" (default; activates a number of optimisations which might make development harder, such as 3rd-party library caches)
mode = "production"
[http]
# HTTP related settings
# Whether to enable cross-origin-request-sharing. This allows HTTP API queries
# from origins other than that of the origin of the HTTP API itself.
# For example, if the HTTP API is running on sensors.connectedhumber.org, then
# Without CORS a client-side Javascript program running on foo.example.com would
# not be able to request data.
# Possible values: false (disabled), a string (an origin to allow; set via the access-control-allow-origin header), or the special string "*" (allows all origins)
cors = false
# cors = "subdomain.example.com"
# cors = "*"
[database]
# Settings that control the database, or the connection to it

Loading…
Cancel
Save