Handle CORS automatically.

baraja-core · Nov 18, 2022 · bccc068 · bccc068
1 parent b94baa6
commit bccc068
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/src/ApiManager.php b/src/ApiManager.php
@@ -63,6 +63,7 @@ public function run(?string $path = null, ?array $params = [], ?string $method =
 	{
 		$path ??= Url::get()->getRelativeUrl();
 		$method = $method === null || $method === '' ? Helpers::httpMethod() : $method;
+		$this->handleCorsRequest($method);
 		$params = array_merge($this->safeGetParams($path), $this->getBodyParams($method), $params ?? []);
 		$panel = new Panel($path, $params, $method);
 		$isDebugger = class_exists(Debugger::class);
@@ -469,4 +470,23 @@ private function formatParams(array $params): array
 
 		return $return;
 	}
+
+
+	private function handleCorsRequest(string $httpMethod): void
+	{
+		if (isset($_SERVER['HTTP_ORIGIN'])) {
+			header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
+			header('Access-Control-Allow-Credentials: true');
+			header('Access-Control-Max-Age: 86400'); // cache for 1 day
+		}
+		if ($httpMethod === 'OPTIONS') {
+			if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
+				header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
+			}
+			if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
+				header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
+			}
+			die;
+		}
+	}
 }