mahdahar/crm-summit
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Cors Policy for CLQMS

Browse Source
This commit is contained in:
mikael-zakaria 2025-10-21 21:59:15 +07:00
parent b88b587358
commit 9deab403d7
2 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Config/Filters.php
View File

@ -33,8 +33,8 @@ class Filters extends BaseFilters
'forcehttps' => ForceHTTPS::class, 'forcehttps' => ForceHTTPS::class,
'pagecache' => PageCache::class, 'pagecache' => PageCache::class,
'performance' => PerformanceMetrics::class, 'performance' => PerformanceMetrics::class,
'auth' => \App\Filters\Auth::class,
'cors' => \App\Filters\Cors::class, 'cors' => \App\Filters\Cors::class,
'auth' => \App\Filters\Auth::class,
]; ];
/** /**
@ -74,6 +74,7 @@ class Filters extends BaseFilters
*/ */
public array $globals = [ public array $globals = [
'before' => [ 'before' => [
'cors',
'auth' => [ 'except' => [ 'auth' => [ 'except' => [
'auth/*', 'lqms/*', 'key/*', 'api/*' 'auth/*', 'lqms/*', 'key/*', 'api/*'
]] ]]

31
app/Filters/Cors.php
View File

@ -6,21 +6,46 @@ use CodeIgniter\Filters\FilterInterface;
class Cors implements FilterInterface class Cors implements FilterInterface
{ {
protected $allowedOrigins = [
'http://localhost:5173',
'https://clqms01.services-summit.my.id',
];
public function before(RequestInterface $request, $arguments = null) public function before(RequestInterface $request, $arguments = null)
{ {
header('Access-Control-Allow-Origin: *'); // header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE'); // header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With, X-CSRF-TOKEN'); // header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With, X-CSRF-TOKEN');
// Handle preflight requests // Handle preflight requests
// if ($request->getMethod() === 'options') { // if ($request->getMethod() === 'options') {
// header('HTTP/1.1 200 OK'); // header('HTTP/1.1 200 OK');
// exit(); // exit();
// } // }
// log_message('debug', 'Cors Filter Triggered First');
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
$response = service('response');
if (in_array($origin, $this->allowedOrigins)) {
$response->setHeader('Access-Control-Allow-Origin', $origin);
$response->setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS');
$response->setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, Accept, Origin, Cache-Control, Pragma, X-CSRF-TOKEN');
// $response->setHeader('Access-Control-Allow-Headers', '*');
$response->setHeader('Access-Control-Allow-Credentials', 'true');
}
// Tangani preflight OPTIONS dengan return response
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
// log_message('debug', 'Cors Filter Triggered OK');
return $response->setStatusCode(200)->setBody('OK');
}
// log_message('debug', 'Cors Filter Triggered Second');
} }
public function after(RequestInterface $request, ResponseInterface $response, $arguments = null) public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
{ {
// No actions required after the request // No actions required after the request
return $response;
} }
} }