QRunIO/qqq
2
0
Fork 0
mirror of https://github.com/Kingsrook/qqq.git synced 2025-07-18 05:01:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Turn on CORS headers

Browse Source
This commit is contained in:
darin.kelkhoff
2023-05-05 08:43:41 -05:00
parent 854c8bf1ba
commit fff7f5ad8e
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
qqq-middleware-api/src/main/java/com/kingsrook/qqq/api/javalin/QJavalinApiHandler.java
View File

@ -140,6 +140,8 @@ public class QJavalinApiHandler
ApiInstanceMetaData apiInstanceMetaData = entry.getValue();
String rootPath = apiInstanceMetaData.getPath();
ApiBuilder.before(rootPath + "*", QJavalinApiHandler::setupCORS);
//////////////////////////////////////////////
// default page is the current version spec //
//////////////////////////////////////////////
@ -320,19 +322,19 @@ public class QJavalinApiHandler
*******************************************************************************/
private static void setupCORS(Context context)
{
if(StringUtils.hasContent(context.header("Origin")))
if(StringUtils.hasContent(context.header("origin")))
{
context.res().setHeader("Access-Control-Allow-Origin", context.header("Origin"));
context.res().setHeader("Vary", "Origin");
context.res().setHeader("access-control-allow-origin", context.header("origin"));
context.res().setHeader("vary", "Origin");
}
else
{
context.res().setHeader("Access-Control-Allow-Origin", "*");
context.res().setHeader("access-control-allow-origin", "*");
}
context.header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, PATCH, OPTIONS");
context.header("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Authorization, Accept, content-type, authorization, accept");
context.header("Access-Control-Allow-Credentials", "true");
context.header("access-control-allow-methods", "GET, POST, DELETE, PUT, PATCH, OPTIONS");
context.header("access-control-allow-headers", "x-requested-with, content-type, authorization, accept, content-type, authorization, accept, x-api-key");
context.header("access-control-allow-credentials", "true");
}