From 20cf66c67dca7f948313d6c0c3c94f11595b1d7a Mon Sep 17 00:00:00 2001
From: tigerbot
Date: Wed, 25 Oct 2017 13:35:06 -0600
Subject: [PATCH] added CORS header needed after recent change to OAuth3 library requests
---
 lib/admin/apis.js | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/lib/admin/apis.js b/lib/admin/apis.js
index e4ea68e..ab8f589 100644
--- a/lib/admin/apis.js
+++ b/lib/admin/apis.js
@@ -21,6 +21,7 @@ module.exports.create = function (deps, conf) {
 res.setHeader('Access-Control-Allow-Origin', req.headers.origin || '*');
 res.setHeader('Access-Control-Allow-Methods', methods.join(', '));
 res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+ res.setHeader('Access-Control-Allow-Credentials', 'true');
 if (req.method.toUpperCase() === 'OPTIONS') {
 res.setHeader('Allow', methods.join(', '));
@@ -60,13 +61,6 @@ module.exports.create = function (deps, conf) {
 }
 function isAuthorized(req, res, fn) {
- // OPTIONS requests are only to determine if a particular request is allowed, and the
- // browser won't send the session header with this request, so don't try to authenticate.
- if (req.method === 'OPTIONS') {
- fn();
- return;
- }
-
 var auth = jwt.decode((req.headers.authorization||'').replace(/^bearer\s+/i, ''));
 if (!auth) {
 res.statusCode = 401;
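Review bot: The added `Access-Control-Allow-Credentials: true` (first hunk, `@@ -21,6 +21,7 @@`) sits directly under an `Access-Control-Allow-Origin` that echoes any `req.headers.origin`, which together lets every origin make credentialed cross-origin calls to these admin routes and read the responses. The visible `isAuthorized` reads a bearer token from the `Authorization` header, so the exposure is probably limited to whatever cookies or other ambient credentials the API honours, but the echo should still be gated on a configured list of trusted origins, e.g. `if (trustedOrigins.includes(req.headers.origin)) { res.setHeader('Access-Control-Allow-Credentials', 'true'); }` with `trustedOrigins` as a placeholder for that list. The `'*'` fallback is also rejected by browsers once credentials are allowed, and a reflected origin needs `res.setHeader('Vary', 'Origin');` so caches do not serve one origin's response to another. The enclosing handler starts and ends outside the hunk, so a `Vary` header set elsewhere would not be visible here.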
@@ -558,10 +552,9 @@ module.exports.create = function (deps, conf) {
 // add middleware without worrying too much about the consequences to older code.
 app.use('/:name', handleOldApis);
- app.use('/', isAuthorized, jsonParser);
+ // Not all routes support all of these methods, but not worth making this more specific
+ app.use('/', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE']), isAuthorized, jsonParser);

- // Not all config routes support PUT or DELETE, but not worth making this more specific
- app.use( '/config', makeCorsHandler(['GET', 'POST', 'PUT', 'DELETE']));
 app.get( '/config', config.restful.readConfig);
 app.get( '/config/:group', config.restful.readConfig);
 app.get( '/config/:group/:mod(modules)/:modId?', config.restful.readConfig);
@@ -583,7 +576,6 @@ module.exports.create = function (deps, conf) {
 app.put( '/config/domains/:domId', config.restful.updateDomain);
 app.delete('/config/domains/:domId', config.restful.removeDomain);
- app.use( '/tokens', makeCorsHandler(['GET', 'POST', 'DELETE']));
 app.get( '/tokens', tokens.restful.getAll);
 app.get( '/tokens/:id', tokens.restful.getOne);
 app.post( '/tokens', tokens.restful.save);
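Review bot: The new `app.use('/', makeCorsHandler([...]), isAuthorized, jsonParser)` line (hunk `@@ -558,10 +552,9 @@`) makes preflight handling depend on middleware order, and nothing in the code says so: with the OPTIONS early-return removed from `isAuthorized` in this same patch, an OPTIONS request that got past the CORS handler would be answered with 401. The handler's OPTIONS branch is only partly visible in the first hunk, so confirm it ends the response rather than calling `next()`. I would extend the added comment with `// makeCorsHandler must stay ahead of isAuthorized: it answers OPTIONS preflights, which carry no Authorization header`. Mounting the handler on `/` also advertises PUT on the `/tokens` routes, which previously listed only GET, POST and DELETE.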