Event::handle('EndHostMetaLinks', array(&$xrd->links));
}
+ // Output Cross-Origin Resource Sharing (CORS) header
+ if (common_config('discovery', 'cors')) {
+ header('Access-Control-Allow-Origin: *');
+ }
+
header('Content-type: application/xrd+xml');
+
print $xrd->toXML();
}
}
function prepare($args)
{
parent::prepare($args);
+ global $config;
$this->uri = $this->trimmed('uri');
$this->uri = self::normalize($this->uri);
// Make the site invisible to non-logged-in users
// $config['site']['private'] = true;
+// Allow Cross-Origin Resource Sharing (CORS) for service discovery
+// (host-meta, XRD, etc.) Useful for AJAXy client applications. Should
+// probably NOT be on for private / intranet sites but OK for public sites.
+// Default is off.
+// $config['discovery']['cors'] = true;
+
// If your web server supports X-Sendfile (Apache with mod_xsendfile,
// lighttpd, nginx), you can enable X-Sendfile support for better
// performance. Presently, only attachment serving when the site is
),
'router' =>
array('cache' => true), // whether to cache the router object. Defaults to true, turn off for devel
+ 'discovery' =>
+ array('cors' => false) // Allow Cross-Origin Resource Sharing for service discovery (host-meta, XRD, etc.)
);
Event::handle('EndXrdActionLinks', array(&$xrd, $this->user));
}
+ if (common_config('discovery', 'cors')) {
+ header('Access-Control-Allow-Origin: *');
+ }
+
header('Content-type: application/xrd+xml');
+
print $xrd->toXML();
}