From: Zach Copley Date: Fri, 8 Jul 2011 00:19:59 +0000 (-0700) Subject: Change a few things around for CORS header output X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=969a558339d63c67b18f1d28893992299af38a62;p=quix0rs-gnu-social.git Change a few things around for CORS header output --- diff --git a/actions/hostmeta.php b/actions/hostmeta.php index 4c9e9b8ae5..fdebcf13af 100644 --- a/actions/hostmeta.php +++ b/actions/hostmeta.php @@ -44,6 +44,7 @@ class HostMetaAction extends Action function handle() { parent::handle(); + common_debug("GARGARGAR"); $domain = common_config('site', 'server'); @@ -59,11 +60,13 @@ class HostMetaAction extends Action Event::handle('EndHostMetaLinks', array(&$xrd->links)); } - global $config; - if($config['site']['cors'] === true){ + // Output Cross-Origin Resource Sharing (CORS) header + if (common_config('discovery', 'cors')) { header('Access-Control-Allow-Origin: *'); } + header('Content-type: application/xrd+xml'); + print $xrd->toXML(); } } diff --git a/actions/userxrd.php b/actions/userxrd.php index 4ba7f91c7e..6fa738a5c9 100644 --- a/actions/userxrd.php +++ b/actions/userxrd.php @@ -31,9 +31,6 @@ class UserxrdAction extends XrdAction { parent::prepare($args); global $config; - if($config['site']['cors'] === true){ - header('Access-Control-Allow-Origin: *'); - } $this->uri = $this->trimmed('uri'); $this->uri = self::normalize($this->uri); diff --git a/config.php.sample b/config.php.sample index 8ddac67417..87a1977b5f 100644 --- a/config.php.sample +++ b/config.php.sample @@ -40,8 +40,12 @@ $config['site']['path'] = 'statusnet'; // $config['site']['inviteonly'] = true; // Make the site invisible to non-logged-in users // $config['site']['private'] = true; -// Allow Cross-Origin Resource Sharing -// $config['site']['cors'] = true; + +// Allow Cross-Origin Resource Sharing (CORS) for service discovery +// (host-meta, XRD, etc.) Useful for AJAXy client applications. Should +// probably NOT be on for private / intranet sites but OK for public sites. +// Default is off. +// $config['discovery']['cors'] = true; // If your web server supports X-Sendfile (Apache with mod_xsendfile, // lighttpd, nginx), you can enable X-Sendfile support for better diff --git a/lib/default.php b/lib/default.php index 51d62ed767..a1f1ed6d8f 100644 --- a/lib/default.php +++ b/lib/default.php @@ -61,7 +61,6 @@ $default = 'textlimit' => 140, 'indent' => true, 'use_x_sendfile' => false, - 'cors' => true, 'notice' => null, // site wide notice text 'build' => 1, // build number, for code-dependent cache 'minify' => true, // true to use the minified versions of JS files; false to use orig files. Can aid during development @@ -350,4 +349,6 @@ $default = ), 'router' => array('cache' => true), // whether to cache the router object. Defaults to true, turn off for devel + 'discovery' => + array('cors' => false) // Allow Cross-Origin Resource Sharing for service discovery (host-meta, XRD, etc.) ); diff --git a/lib/xrdaction.php b/lib/xrdaction.php index a0e7a1c415..3d55204f41 100644 --- a/lib/xrdaction.php +++ b/lib/xrdaction.php @@ -117,7 +117,12 @@ class XrdAction extends Action Event::handle('EndXrdActionLinks', array(&$xrd, $this->user)); } + if (common_config('discovery', 'cors')) { + header('Access-Control-Allow-Origin: *'); + } + header('Content-type: application/xrd+xml'); + print $xrd->toXML(); }