123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 |
- <?php
- namespace OCP\AppFramework;
- use OCP\AppFramework\Http\Attribute\NoAdminRequired;
- use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
- use OCP\AppFramework\Http\Attribute\PublicPage;
- use OCP\AppFramework\Http\Response;
- use OCP\IRequest;
- abstract class ApiController extends Controller {
- private $corsMethods;
- private $corsAllowedHeaders;
- private $corsMaxAge;
-
- public function __construct($appName,
- IRequest $request,
- $corsMethods = 'PUT, POST, GET, DELETE, PATCH',
- $corsAllowedHeaders = 'Authorization, Content-Type, Accept',
- $corsMaxAge = 1728000) {
- parent::__construct($appName, $request);
- $this->corsMethods = $corsMethods;
- $this->corsAllowedHeaders = $corsAllowedHeaders;
- $this->corsMaxAge = $corsMaxAge;
- }
-
-
-
-
- public function preflightedCors() {
- if (isset($this->request->server['HTTP_ORIGIN'])) {
- $origin = $this->request->server['HTTP_ORIGIN'];
- } else {
- $origin = '*';
- }
- $response = new Response();
- $response->addHeader('Access-Control-Allow-Origin', $origin);
- $response->addHeader('Access-Control-Allow-Methods', $this->corsMethods);
- $response->addHeader('Access-Control-Max-Age', (string)$this->corsMaxAge);
- $response->addHeader('Access-Control-Allow-Headers', $this->corsAllowedHeaders);
- $response->addHeader('Access-Control-Allow-Credentials', 'false');
- return $response;
- }
- }
|