added CORS header needed after recent change to OAuth3 library requests
parent
72ff65e833
commit
20cf66c67d
|
@ -21,6 +21,7 @@ module.exports.create = function (deps, conf) {
|
||||||
res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
|
res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
|
||||||
res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
|
res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
|
||||||
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
|
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
|
||||||
|
res.setHeader('Access-Control-Allow-Credentials', 'true');
|
||||||
|
|
||||||
if (req.method.toUpperCase() === 'OPTIONS') {
|
if (req.method.toUpperCase() === 'OPTIONS') {
|
||||||
res.setHeader('Allow', methods.join(', '));
|
res.setHeader('Allow', methods.join(', '));
|
||||||
|
@ -60,13 +61,6 @@ module.exports.create = function (deps, conf) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function isAuthorized(req, res, fn) {
|
function isAuthorized(req, res, fn) {
|
||||||
// OPTIONS requests are only to determine if a particular request is allowed, and the
|
|
||||||
// browser won't send the session header with this request, so don't try to authenticate.
|
|
||||||
if (req.method === 'OPTIONS') {
|
|
||||||
fn();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
|
var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
|
||||||
if (!auth) {
|
if (!auth) {
|
||||||
res.statusCode = 401;
|
res.statusCode = 401;
|
||||||
|
@ -558,10 +552,9 @@ module.exports.create = function (deps, conf) {
|
||||||
// add middleware without worrying too much about the consequences to older code.
|
// add middleware without worrying too much about the consequences to older code.
|
||||||
app.use('/:name', handleOldApis);
|
app.use('/:name', handleOldApis);
|
||||||
|
|
||||||
app.use('/', isAuthorized, jsonParser);
|
// Not all routes support all of these methods, but not worth making this more specific
|
||||||
|
app.use('/', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE']), isAuthorized, jsonParser);
|
||||||
|
|
||||||
// Not all config routes support PUT or DELETE, but not worth making this more specific
|
|
||||||
app.use( '/config', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE']));
|
|
||||||
app.get( '/config', config.restful.readConfig);
|
app.get( '/config', config.restful.readConfig);
|
||||||
app.get( '/config/:group', config.restful.readConfig);
|
app.get( '/config/:group', config.restful.readConfig);
|
||||||
app.get( '/config/:group/:mod(modules)/:modId?', config.restful.readConfig);
|
app.get( '/config/:group/:mod(modules)/:modId?', config.restful.readConfig);
|
||||||
|
@ -583,7 +576,6 @@ module.exports.create = function (deps, conf) {
|
||||||
app.put( '/config/domains/:domId', config.restful.updateDomain);
|
app.put( '/config/domains/:domId', config.restful.updateDomain);
|
||||||
app.delete('/config/domains/:domId', config.restful.removeDomain);
|
app.delete('/config/domains/:domId', config.restful.removeDomain);
|
||||||
|
|
||||||
app.use( '/tokens', makeCorsHandler(['GET', 'POST', 'DELETE']));
|
|
||||||
app.get( '/tokens', tokens.restful.getAll);
|
app.get( '/tokens', tokens.restful.getAll);
|
||||||
app.get( '/tokens/:id', tokens.restful.getOne);
|
app.get( '/tokens/:id', tokens.restful.getOne);
|
||||||
app.post( '/tokens', tokens.restful.save);
|
app.post( '/tokens', tokens.restful.save);
|
||||||
|
|
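Review bot: The `Access-Control-Allow-Credentials: true` header added in the first hunk is sent together with `Access-Control-Allow-Origin` set to `req.headers.origin || '*'`, so whatever origin makes the request is echoed back and permitted to read credentialed responses. The bearer token checked in `isAuthorized` is not sent automatically by the browser, but any cookie, HTTP auth or client certificate it does attach becomes usable from any site, and browsers reject the `'*'` fallback for credentialed requests anyway. I would set both headers only when the origin is on a configured list, e.g. `if (allowedOrigins.includes(req.headers.origin)) { ... }` (`allowedOrigins` is a placeholder for a value taken from `conf`), and add `res.setHeader('Vary', 'Origin');` so caches do not serve one origin's response to another. The handler body continues outside the hunk, so an origin check or `Vary` header may already exist there. Since the OPTIONS bypass was removed from `isAuthorized`, it is also worth confirming that `makeCorsHandler` ends every preflight response before `isAuthorized` runs on `/`.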