CORS: special handling for AJAX SSL (#2110)

2020-03-26 20:19:38 +01:00 · 2020-03-26 20:19:38 +01:00 · e1767abfda
commit e1767abfda
parent 2440fc7866
1 changed files with 13 additions and 1 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm
@ -1100,7 +1100,19 @@ sub corsPreflight {
 sub sendJSONresponse {
    my ( $self, $req, $j, %args ) = @_;
    my $res = Lemonldap::NG::Common::PSGI::sendJSONresponse(@_);
-    if ( $self->conf->{corsEnabled} ) {
+
+    # If this is a cross-domain request from the portal itself
+    # (Ajax SSL to a different VHost)
+    # we allow CORS
+    if ( $req->origin and index( $self->conf->{portal}, $req->origin ) == 0 ) {
+        $self->logger->debug('AJAX request from portal, allowing CORS');
+        push @{ $res->[1] },
+          "Access-Control-Allow-Origin"      => $req->origin,
+          "Access-Control-Allow-Methods"     => "*",
+          "Access-Control-Allow-Credentials" => "true";
+
+    }
+    elsif ( $self->conf->{corsEnabled} ) {
        my @cors = split /;/, $self->cors;
        push @{ $res->[1] }, @cors;
        $self->logger->debug('Apply following CORS policy :');