CORS: special handling for AJAX SSL (#2110)
This commit is contained in:
parent
2440fc7866
commit
e1767abfda
|
@ -1100,7 +1100,19 @@ sub corsPreflight {
|
||||||
sub sendJSONresponse {
|
sub sendJSONresponse {
|
||||||
my ( $self, $req, $j, %args ) = @_;
|
my ( $self, $req, $j, %args ) = @_;
|
||||||
my $res = Lemonldap::NG::Common::PSGI::sendJSONresponse(@_);
|
my $res = Lemonldap::NG::Common::PSGI::sendJSONresponse(@_);
|
||||||
if ( $self->conf->{corsEnabled} ) {
|
|
||||||
|
# If this is a cross-domain request from the portal itself
|
||||||
|
# (Ajax SSL to a different VHost)
|
||||||
|
# we allow CORS
|
||||||
|
if ( $req->origin and index( $self->conf->{portal}, $req->origin ) == 0 ) {
|
||||||
|
$self->logger->debug('AJAX request from portal, allowing CORS');
|
||||||
|
push @{ $res->[1] },
|
||||||
|
"Access-Control-Allow-Origin" => $req->origin,
|
||||||
|
"Access-Control-Allow-Methods" => "*",
|
||||||
|
"Access-Control-Allow-Credentials" => "true";
|
||||||
|
|
||||||
|
}
|
||||||
|
elsif ( $self->conf->{corsEnabled} ) {
|
||||||
my @cors = split /;/, $self->cors;
|
my @cors = split /;/, $self->cors;
|
||||||
push @{ $res->[1] }, @cors;
|
push @{ $res->[1] }, @cors;
|
||||||
$self->logger->debug('Apply following CORS policy :');
|
$self->logger->debug('Apply following CORS policy :');
|
||||||
|
|
Loading…
Reference in New Issue
Block a user