added CORS header needed after recent change to OAuth3 library requests

tigerbot 2017-10-25 13:35:06 -06:00
父節點 72ff65e833
當前提交 20cf66c67d
共有 1 個文件被更改,包括 3 次插入11 次删除


@ -21,6 +21,7 @@ module.exports.create = function (deps, conf) {
res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
res.setHeader('Access-Control-Allow-Credentials', 'true');
if (req.method.toUpperCase() === 'OPTIONS') {
res.setHeader('Allow', methods.join(', '));
@ -60,13 +61,6 @@ module.exports.create = function (deps, conf) {
}
function isAuthorized(req, res, fn) {
// OPTIONS requests are only to determine if a particular request is allowed, and the
// browser won't send the session header with this request, so don't try to authenticate.
if (req.method === 'OPTIONS') {
fn();
return;
}
var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
if (!auth) {
res.statusCode = 401;
@ -558,10 +552,9 @@ module.exports.create = function (deps, conf) {
// add middleware without worrying too much about the consequences to older code.
app.use('/:name', handleOldApis);
app.use('/', isAuthorized, jsonParser);
// Not all routes support all of these methods, but not worth making this more specific
app.use('/', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE']), isAuthorized, jsonParser);
// Not all config routes support PUT or DELETE, but not worth making this more specific
app.use( '/config', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE']));
app.get( '/config', config.restful.readConfig);
app.get( '/config/:group', config.restful.readConfig);
app.get( '/config/:group/:mod(modules)/:modId?', config.restful.readConfig);
@ -583,7 +576,6 @@ module.exports.create = function (deps, conf) {
app.put( '/config/domains/:domId', config.restful.updateDomain);
app.delete('/config/domains/:domId', config.restful.removeDomain);
app.use( '/tokens', makeCorsHandler(['GET', 'POST', 'DELETE']));
app.get( '/tokens', tokens.restful.getAll);
app.get( '/tokens/:id', tokens.restful.getOne);
app.post( '/tokens', tokens.restful.save);
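Review bot: In the first hunk, `Access-Control-Allow-Credentials: true` is sent next to an `Access-Control-Allow-Origin` that echoes whatever `Origin` the request carries, so any origin may make credentialed requests and read the responses; the +/- markers are lost on this page, but the credentials header appears to be the added line. The third hunk seems to mount this handler on `/` ahead of `isAuthorized`, which would apply that policy to every route rather than only `/config` and `/tokens`. Echo the origin only when it matches a configured allowlist, and add `res.setHeader('Vary', 'Origin');` so a cache cannot serve one origin's response to another. Browsers also reject the `'*'` fallback when credentials are allowed, so the credentials header is better left out when the request has no `Origin`. The handler's body starts and ends outside the hunk, so any origin check made elsewhere in it is not visible here.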