Mirrors/shlink
1
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2026-03-06 15:23:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Added missing X-Api-Key header to cross domain middleware

Browse Source
This commit is contained in:
Alejandro Celaya
2018-11-18 17:00:23 +01:00
parent 90732a4fad
commit d4d65bdf37
4 changed files with 30 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
module/Rest/src/Middleware/CrossDomainMiddleware.php
View File

@@ -8,6 +8,8 @@ use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Shlinkio\Shlink\Rest\Authentication;
use function implode;
class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterface
{
@@ -31,7 +33,10 @@ class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterfa
// Add Allow-Origin header
$response = $response->withHeader('Access-Control-Allow-Origin', $request->getHeader('Origin'))
->withHeader('Access-Control-Expose-Headers', 'Authorization');
->withHeader('Access-Control-Expose-Headers', implode(', ', [
Authentication\Plugin\ApiKeyHeaderPlugin::HEADER_NAME,
Authentication\Plugin\AuthorizationHeaderPlugin::HEADER_NAME,
]));
if ($request->getMethod() !== self::METHOD_OPTIONS) {
return $response;
}