added CORS header needed after recent change to OAuth3 library requests
		
							parent
							
								
									72ff65e833
								
							
						
					
					
						commit
						20cf66c67d
					
				| @ -21,6 +21,7 @@ module.exports.create = function (deps, conf) { | |||||||
|     res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*'); |     res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*'); | ||||||
|     res.setHeader('Access-Control-Allow-Methods', methods.join(', ')); |     res.setHeader('Access-Control-Allow-Methods', methods.join(', ')); | ||||||
|     res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization'); |     res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization'); | ||||||
|  |     res.setHeader('Access-Control-Allow-Credentials', 'true'); | ||||||
| 
 | 
 | ||||||
|     if (req.method.toUpperCase() === 'OPTIONS') { |     if (req.method.toUpperCase() === 'OPTIONS') { | ||||||
|       res.setHeader('Allow', methods.join(', ')); |       res.setHeader('Allow', methods.join(', ')); | ||||||
| @ -60,13 +61,6 @@ module.exports.create = function (deps, conf) { | |||||||
|   } |   } | ||||||
| 
 | 
 | ||||||
|   function isAuthorized(req, res, fn) { |   function isAuthorized(req, res, fn) { | ||||||
|     // OPTIONS requests are only to determine if a particular request is allowed, and the
 |  | ||||||
|     // browser won't send the session header with this request, so don't try to authenticate.
 |  | ||||||
|     if (req.method === 'OPTIONS') { |  | ||||||
|       fn(); |  | ||||||
|       return; |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, '')); |     var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, '')); | ||||||
|     if (!auth) { |     if (!auth) { | ||||||
|       res.statusCode = 401; |       res.statusCode = 401; | ||||||
| @ -558,10 +552,9 @@ module.exports.create = function (deps, conf) { | |||||||
|   // add middleware without worrying too much about the consequences to older code.
 |   // add middleware without worrying too much about the consequences to older code.
 | ||||||
|   app.use('/:name', handleOldApis); |   app.use('/:name', handleOldApis); | ||||||
| 
 | 
 | ||||||
|   app.use('/', isAuthorized, jsonParser); |   // Not all routes support all of these methods, but not worth making this more specific
 | ||||||
|  |   app.use('/', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE']), isAuthorized, jsonParser); | ||||||
| 
 | 
 | ||||||
|   // Not all config routes support PUT or DELETE, but not worth making this more specific
 |  | ||||||
|   app.use(   '/config', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE'])); |  | ||||||
|   app.get(   '/config',                                                 config.restful.readConfig); |   app.get(   '/config',                                                 config.restful.readConfig); | ||||||
|   app.get(   '/config/:group',                                          config.restful.readConfig); |   app.get(   '/config/:group',                                          config.restful.readConfig); | ||||||
|   app.get(   '/config/:group/:mod(modules)/:modId?',                    config.restful.readConfig); |   app.get(   '/config/:group/:mod(modules)/:modId?',                    config.restful.readConfig); | ||||||
| @ -583,7 +576,6 @@ module.exports.create = function (deps, conf) { | |||||||
|   app.put(   '/config/domains/:domId',                        config.restful.updateDomain); |   app.put(   '/config/domains/:domId',                        config.restful.updateDomain); | ||||||
|   app.delete('/config/domains/:domId',                        config.restful.removeDomain); |   app.delete('/config/domains/:domId',                        config.restful.removeDomain); | ||||||
| 
 | 
 | ||||||
|   app.use(   '/tokens', makeCorsHandler(['GET', 'POST', 'DELETE'])); |  | ||||||
|   app.get(   '/tokens',         tokens.restful.getAll); |   app.get(   '/tokens',         tokens.restful.getAll); | ||||||
|   app.get(   '/tokens/:id',     tokens.restful.getOne); |   app.get(   '/tokens/:id',     tokens.restful.getOne); | ||||||
|   app.post(  '/tokens',         tokens.restful.save); |   app.post(  '/tokens',         tokens.restful.save); | ||||||
|  | |||||||
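Review bot: The `Access-Control-Allow-Credentials: true` header added in the first hunk sits next to an `Access-Control-Allow-Origin` that echoes `req.headers.origin` without any check, so any origin may send credentialed requests and read the responses. The last hunk widens this by mounting the handler on `/` instead of only `/config` and `/tokens`. I would echo the origin and set the credentials header only when it matches a configured list, e.g. `if (allowedOrigins.indexOf(req.headers.origin) !== -1) { ... }` (where `allowedOrigins` is a placeholder for a value taken from `conf`), and add `res.setHeader('Vary', 'Origin');` so caches do not reuse a response across origins. The `|| '*'` fallback should also go on this path, since browsers reject a wildcard origin on credentialed requests. The handler body starts and ends outside the hunk, so whether a later check already restricts origins is not visible here.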