From 61453305878f2661d07e377bd39ca269c491762d Mon Sep 17 00:00:00 2001 From: Jiri Slezka Date: Fri, 21 Aug 2020 12:07:27 +0200 Subject: [PATCH] support for custom headers in Access-Control-Allow-Headers --- source/Jacwright/RestServer/RestServer.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/source/Jacwright/RestServer/RestServer.php b/source/Jacwright/RestServer/RestServer.php index 9e84b47..509dfb0 100755 --- a/source/Jacwright/RestServer/RestServer.php +++ b/source/Jacwright/RestServer/RestServer.php @@ -56,6 +56,7 @@ class RestServer { public $useCors = false; public $allowedOrigin = '*'; + public $allowedHeaders = ''; protected $data = null; // special parameter for post data protected $query = null; // special parameter for query string @@ -568,12 +569,17 @@ private function corsHeaders() { if (in_array($currentOrigin, $allowedOrigin)) { $allowedOrigin = array($currentOrigin); // array ; if there is a match then only one is enough } + // test if we want to add custome headers to Access-Control-Allow-Headers + $customHeaders = ''; + if (is_array($this->allowedHeaders) && !empty($this->allowedHeaders)) { + $customHeaders = ", ".implode(", ",$this->allowedHeaders); + } foreach($allowedOrigin as $allowed_origin) { // to support multiple origins header("Access-Control-Allow-Origin: $allowed_origin"); } header('Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS'); header('Access-Control-Allow-Credential: true'); - header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, Authorization'); + header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, Authorization'.$customHeaders); } private $codes = array(