Merge pull request #3434 from CachetHQ/hotfix/cors
Fixes CORS headers
jbrooksuk committed Jan 27, 2019
2 parents 33116e4 + ffe9c99 commit 61cddfb
Showing 5 changed files with 49 additions and 13 deletions.
4 changes: 1 addition & 3 deletions app/Foundation/Providers/RouteServiceProvider.php
@@ -11,18 +11,17 @@

namespace CachetHQ\Cachet\Foundation\Providers;

use Barryvdh\Cors\HandleCors;
use CachetHQ\Cachet\Http\Middleware\Acceptable;
use CachetHQ\Cachet\Http\Middleware\Authenticate;
use CachetHQ\Cachet\Http\Middleware\Timezone;
use CachetHQ\Cachet\Http\Middleware\VerifyCsrfToken;
use CachetHQ\Cachet\Http\Routes\ApiSystemRoutes;
use CachetHQ\Cachet\Http\Routes\AuthRoutes;
use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes as ApiSetupRoutes;
use CachetHQ\Cachet\Http\Routes\SetupRoutes;
use CachetHQ\Cachet\Http\Routes\SignupRoutes;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Cookie\Middleware\EncryptCookies;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Routing\Middleware\SubstituteBindings;
use Illuminate\Routing\Router;
@@ -171,7 +170,6 @@ protected function mapForBrowser(Router $router, $routes, $applyAlwaysAuthentica
protected function mapOtherwise(Router $router, $routes, $applyAlwaysAuthenticate)
{
$middleware = [
HandleCors::class,
SubstituteBindings::class,
Acceptable::class,
Timezone::class,
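Review bot: With `HandleCors::class` gone from the `$middleware` list in `mapOtherwise` (taking that entry as the line this hunk deletes, since the page has lost its +/- markers), CORS handling no longer applies to every route mapped through this method, only to routes that opt in through the `cors` alias. In this commit the alias is attached to a single group in app/Http/Routes/ApiRoutes.php; the other route classes imported at the top of this file (`ApiSystemRoutes`, `ApiSetupRoutes`) are not touched, so if they are mapped through `mapOtherwise` they would stop sending CORS headers. Confirm that is intended, or keep `HandleCors::class,` in this list. Preflight `OPTIONS` requests deserve a test as well, because a route-level middleware only runs once a route has matched. The body of `mapOtherwise` continues outside the hunk.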
6 changes: 4 additions & 2 deletions app/Http/Kernel.php
@@ -12,6 +12,7 @@
namespace CachetHQ\Cachet\Http;

use AltThree\Throttle\ThrottlingMiddleware;
use Barryvdh\Cors\HandleCors;
use CachetHQ\Cachet\Http\Middleware\Admin;
use CachetHQ\Cachet\Http\Middleware\ApiAuthentication;
use CachetHQ\Cachet\Http\Middleware\Authenticate;
@@ -33,8 +34,8 @@ class Kernel extends HttpKernel
* @var array
*/
protected $middleware = [
TrustProxies::class,
CheckForMaintenanceMode::class,
// TrustProxies::class,
// CheckForMaintenanceMode::class,
];

/**
@@ -45,6 +46,7 @@ class Kernel extends HttpKernel
protected $routeMiddleware = [
'admin' => Admin::class,
'can' => Authorize::class,
'cors' => HandleCors::class,
'auth' => Authenticate::class,
'auth.api' => ApiAuthentication::class,
'guest' => RedirectIfAuthenticated::class,
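Review bot: The global `$middleware` list appears to end up with `TrustProxies::class` and `CheckForMaintenanceMode::class` commented out (the page has lost its +/- markers, so this reads the commented pair as the new side), which is unrelated to the CORS fix named in the title. Without `TrustProxies`, an instance behind a reverse proxy resolves the proxy's address and scheme instead of the client's, which affects anything keyed on client IP such as the `ThrottlingMiddleware` imported above; without `CheckForMaintenanceMode`, requests are no longer held back while the application is in maintenance mode. If this is a debugging leftover, restore `TrustProxies::class,` and `CheckForMaintenanceMode::class,`; if it is deliberate, state the reason in a comment above the array. The class body continues outside the hunk.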
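--- /dev/null
+++ b/app/Http/Middleware/VerifyCsrfToken.php
@@ -0,0 +1,33 @@
+<?php
+
+/*
+* This file is part of Cachet.
+*
+* (c) Alt Three Services Limited
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
+
+class VerifyCsrfToken extends Middleware
+{
+/**
+* Indicates whether the XSRF-TOKEN cookie should be set on the response.
+*
+* @var bool
+*/
+protected $addHttpCookie = true;
+
+/**
+* The URIs that should be excluded from CSRF verification.
+*
+* @var array
+*/
+protected $except = [
+'/api/*',
+];
+}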
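Review bot: The `$except` entry `'/api/*'` switches CSRF verification off for every URI under /api/ without saying why that is safe. The exemption holds only while nothing under /api/ authenticates from a credential the browser attaches on its own (a session cookie, HTTP basic auth); the `X-Cachet-Token` header allowed in config/cors.php suggests header-token authentication, but the `ApiAuthentication` middleware is not shown on this page. I would record the assumption next to the entry, e.g. `// API requests authenticate with the X-Cachet-Token header, not the session cookie; do not route cookie-authenticated endpoints under /api/.`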
2 changes: 1 addition & 1 deletion app/Http/Routes/ApiRoutes.php
@@ -40,7 +40,7 @@ public function map(Registrar $router)
'namespace' => 'Api',
'prefix' => 'api/v1',
], function (Registrar $router) {
$router->group(['middleware' => ['auth.api']], function (Registrar $router) {
$router->group(['middleware' => ['auth.api', 'cors']], function (Registrar $router) {
$router->get('components', 'ComponentController@index');
$router->get('components/groups', 'ComponentGroupController@index');
$router->get('components/groups/{component_group}', 'ComponentGroupController@show');
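Review bot: On the group line that carries both middleware (read as the new side; the +/- markers are lost on this page), `'auth.api'` is listed before `'cors'`, so the authentication middleware wraps the CORS one. A request that `auth.api` rejects would then return without passing through `HandleCors`, and a browser client would see a CORS failure instead of the real status code. Consider `$router->group(['middleware' => ['cors', 'auth.api']], function (Registrar $router) {` so error responses also carry the CORS headers. This assumes `auth.api` can short-circuit the request; `ApiAuthentication` is not shown here, and the body of `map()` continues outside the hunk.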
17 changes: 10 additions & 7 deletions config/cors.php
@@ -10,6 +10,7 @@
*/

return [

/*
|--------------------------------------------------------------------------
| Laravel CORS
@@ -19,11 +20,13 @@
| to accept any value.
|
*/
'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedHeaders' => ['X-Cachet-Token'],
'allowedMethods' => ['*'],
'exposedHeaders' => [],
'maxAge' => 3600,
'hosts' => [],

'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedOriginsPatterns' => [],
'allowedHeaders' => ['X-Cachet-Token'],
'allowedMethods' => ['*'],
'exposedHeaders' => [],
'maxAge' => 3600,

];
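Review bot: `'allowedOrigins' => ['*']` together with `'allowedMethods' => ['*']` lets a script on any origin call the API with a token it holds, which is acceptable only because `'supportsCredentials' => false` keeps cookies and other browser-held credentials out of cross-origin requests. Nothing in the file records that dependency, and the `'allowedOriginsPatterns' => []` key has no effect while the wildcard is in place. I would add a comment above `supportsCredentials` along the lines of `// Must stay false while allowedOrigins is ['*'].`, so a later change does not combine the two.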
