Only set Access-Control-Allow-Origin to '*' when you actually want it
parent
932b557b89
commit
7dfa0af73b
|
@ -41,6 +41,12 @@ define('KaraDAV\WWW_URL', sprintf('http%s://%s%s%s', $https, $name, $port, $root
|
|||
*/
|
||||
const WOPI_DISCOVERY_URL = null;
|
||||
|
||||
/**
|
||||
* Set this to TRUE if you want 'Access-Control-Allow-Origin' header to be set to '*'
|
||||
* and allow remote JS clients to make WebDAV requests.
|
||||
*/
|
||||
const ACCESS_CONTROL_ALL = false;
|
||||
|
||||
/**
|
||||
* Path to a log file (eg. __DIR__ . '/debug.log')
|
||||
* This will log all HTTP requests and responses received by the server
|
||||
|
|
|
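Review bot: The docblock for `ACCESS_CONTROL_ALL` names only the `Access-Control-Allow-Origin` header, but the block this flag guards in the WebDAV class also sends `Access-Control-Allow-Credentials: true` and allows write methods (PUT, DELETE, MOVE, MKCOL) from any origin. An operator deciding whether to enable it should be able to see that here. I would extend the comment with `* Any website opened in a user's browser can then send WebDAV requests, including PUT and DELETE, to this server.` and `* Leave this FALSE unless you run a browser-based client on another origin.`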
@ -19,7 +19,6 @@ class Server
|
|||
|
||||
public function route(?string $uri = null): bool
|
||||
{
|
||||
header('Access-Control-Allow-Origin: *', true);
|
||||
$method = $_SERVER['REQUEST_METHOD'] ?? null;
|
||||
|
||||
// Always say YES to OPTIONS
|
||||
|
|
|
@ -25,10 +25,12 @@ class WebDAV extends WebDAV_Server
|
|||
{
|
||||
parent::http_options();
|
||||
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Credentials: true');
|
||||
header('Access-Control-Allow-Headers: Authorization, *');
|
||||
header('Access-Control-Allow-Methods: GET,HEAD,PUT,DELETE,COPY,MOVE,PROPFIND,MKCOL,LOCK,UNLOCK');
|
||||
if (ACCESS_CONTROL_ALL) {
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Credentials: true');
|
||||
header('Access-Control-Allow-Headers: Authorization, *');
|
||||
header('Access-Control-Allow-Methods: GET,HEAD,PUT,DELETE,COPY,MOVE,PROPFIND,MKCOL,LOCK,UNLOCK');
|
||||
}
|
||||
}
|
||||
|
||||
public function log(string $message, ...$params)
|
||||
|
|
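Review bot: Inside the new `if (ACCESS_CONTROL_ALL)` block, `Access-Control-Allow-Credentials: true` is still sent next to `Access-Control-Allow-Origin: *`, a pair browsers refuse for credentialed requests, so the header grants nothing and I would drop that line. Leaving it in invites a later change that echoes the request's Origin to make cookies work, which would expose an authenticated session to every origin. The enclosing method starts above the hunk; judging by the `parent::http_options()` call these headers go out only on OPTIONS responses, and since the same commit removes the header from `Server::route()`, the actual GET/PROPFIND responses may no longer carry `Access-Control-Allow-Origin` when the option is on, which is worth checking. The bare `ACCESS_CONTROL_ALL` also raises an undefined-constant Error on PHP 8 for an existing local config that predates this option, unless a default is defined elsewhere.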