mirror/zoneminder
1
0
Fork 0
mirror of https://github.com/ZoneMinder/zoneminder.git synced 2026-05-14 01:24:34 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add CORS headers to API

Browse Source
This commit is contained in:
Isaac Connor
2022-11-29 17:16:49 -05:00
parent c4c31a5880
commit e11b7d3406
1 changed files with 29 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
web/api/app/Controller/AppController.php
View File

@@ -153,5 +153,34 @@ class AppController extends Controller {
} # end if ZM_OPT_AUTH
// make sure populated user object has APIs enabled
if (isset($_SERVER['HTTP_ORIGIN'])) {
$Servers = ZM\Server::find();
if ( sizeof($Servers) < 1 ) {
# Only need CORSHeaders in the event that there are multiple servers in use.
# ICON: Might not be true. multi-port?
if ( ZM_MIN_STREAMING_PORT ) {
ZM\Debug('Setting default Access-Control-Allow-Origin from ' . $_SERVER['HTTP_ORIGIN']);
$this->response->header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
$this->response->header('Access-Control-Allow-Credentials: true');
$this->response->header('Access-Control-Allow-Headers: x-requested-with,x-request');
}
return;
}
foreach ($Servers as $Server) {
if (
preg_match('/^(https?:\/\/)?'.preg_quote($Server->Hostname(),'/').'/i', $_SERVER['HTTP_ORIGIN'])
or
preg_match('/^(https?:\/\/)?'.preg_quote($Server->Name(),'/').'/i', $_SERVER['HTTP_ORIGIN'])
) {
ZM\Debug('Setting Access-Control-Allow-Origin from '.$_SERVER['HTTP_ORIGIN']);
$this->response->header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
$this->response->header('Access-Control-Allow-Credentials: true');
$this->response->header('Access-Control-Allow-Headers: x-requested-with,x-request');
break;
}
}
}
} # end function beforeFilter()
}