QRunIO/qqq
2
0
Fork 0
mirror of https://github.com/Kingsrook/qqq.git synced 2025-07-18 13:10:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Turn on CORS headers

Browse Source
This commit is contained in:
darin.kelkhoff
2023-05-05 08:43:41 -05:00
parent 854c8bf1ba
commit fff7f5ad8e
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
qqq-middleware-api/src/main/java/com/kingsrook/qqq/api/javalin/QJavalinApiHandler.java
View File

@ -140,6 +140,8 @@ public class QJavalinApiHandler
ApiInstanceMetaData apiInstanceMetaData = entry.getValue(); ApiInstanceMetaData apiInstanceMetaData = entry.getValue();
String rootPath = apiInstanceMetaData.getPath(); String rootPath = apiInstanceMetaData.getPath();
ApiBuilder.before(rootPath + "*", QJavalinApiHandler::setupCORS);
////////////////////////////////////////////// //////////////////////////////////////////////
// default page is the current version spec // // default page is the current version spec //
////////////////////////////////////////////// //////////////////////////////////////////////
@ -320,19 +322,19 @@ public class QJavalinApiHandler
*******************************************************************************/ *******************************************************************************/
private static void setupCORS(Context context) private static void setupCORS(Context context)
{ {
if(StringUtils.hasContent(context.header("Origin"))) if(StringUtils.hasContent(context.header("origin")))
{ {
context.res().setHeader("Access-Control-Allow-Origin", context.header("Origin")); context.res().setHeader("access-control-allow-origin", context.header("origin"));
context.res().setHeader("Vary", "Origin"); context.res().setHeader("vary", "Origin");
} }
else else
{ {
context.res().setHeader("Access-Control-Allow-Origin", "*"); context.res().setHeader("access-control-allow-origin", "*");
} }
context.header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH, OPTIONS"); context.header("access-control-allow-methods", "GET, POST, DELETE, PUT, PATCH, OPTIONS");
context.header("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Authorization, Accept, content-type, authorization, accept"); context.header("access-control-allow-headers", "x-requested-with, content-type, authorization, accept, content-type, authorization, accept, x-api-key");
context.header("Access-Control-Allow-Credentials", "true"); context.header("access-control-allow-credentials", "true");
} }