
support jwt+cors

Maurits van der Schee 6 years ago
parent
commit
dc9ba7d1fa

+ 1
- 1
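--- a/api.php
+++ b/api.php
@@ -3117,7 +3117,7 @@ class CorsMiddleware extends Middleware
             $response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);
         } elseif ($method == 'OPTIONS') {
             $response = new Response(Response::OK, '');
-            $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN');
+            $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN, X-Authorization');
             if ($allowHeaders) {
                 $response->addHeader('Access-Control-Allow-Headers', $allowHeaders);
             }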
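Review bot: The new default on line 3120 hard-codes `X-Authorization` in the CORS allow-list, and that name presumably has to match the header the JWT middleware reads; if the header name is configurable elsewhere, a deployment that changes it will see preflights rejected until `allowHeaders` is overridden as well. A comment on the line would make the coupling visible, for example `// X-Authorization: default JWT header; keep in sync with the JWT middleware's header setting`. The wider default also applies to installations that do not use JWT, and how tightly cross-origin callers are limited depends on the origin check above this hunk, which is not visible here. The same line is changed in src/Tqdev/PhpCrudApi/Middleware/CorsMiddleware.php.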

+ 2
- 2
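--- a/examples/clients/auth0/vanilla.html
+++ b/examples/clients/auth0/vanilla.html
@@ -2,14 +2,14 @@
 <head>
 <meta charset="utf-8" /> 
 <script>
-var domain = ''; // hostname ending in '.auth0.com'
+var authUrl = 'https://php-crud-api.auth0.com/authorize'; // hostname ending in '.auth0.com'
 var clientId = ''; // client id as defined in auth0
 var audience = ''; // api audience as defined in auth0
 window.onload = function () {
     var match = RegExp('[#&]access_token=([^&]*)').exec(window.location.hash);
     var accessToken = match && decodeURIComponent(match[1].replace(/\+/g, ' '));
     if (!accessToken) {
-        document.location = 'https://'+domain+'/authorize?audience='+audience+'&response_type=token&client_id='+clientId+'&redirect_uri='+document.location.href;
+        document.location = authUrl+'?audience='+audience+'&response_type=token&client_id='+clientId+'&redirect_uri='+document.location.href;
     } else {
         document.location.hash = '';
         var req = new XMLHttpRequest();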
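Review bot: The redirect on new line 12 still concatenates `audience`, `clientId` and `document.location.href` into the query string unencoded, so a page URL that itself contains `&` or `#` yields a malformed `redirect_uri`; wrapping each value fixes it in one line: `document.location = authUrl+'?audience='+encodeURIComponent(audience)+'&response_type=token&client_id='+encodeURIComponent(clientId)+'&redirect_uri='+encodeURIComponent(document.location.href);`. The trailing comment on new line 5 is now stale, since `authUrl` holds a full authorize URL rather than a hostname; `// authorize endpoint URL of your auth0 tenant` would match. The request also carries no `state` value, so the page cannot tell whether the token in the returned fragment answers a request it made itself. The `window.onload` handler continues past the end of the hunk.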

+ 1
- 1
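--- a/src/Tqdev/PhpCrudApi/Middleware/CorsMiddleware.php
+++ b/src/Tqdev/PhpCrudApi/Middleware/CorsMiddleware.php
@@ -32,7 +32,7 @@ class CorsMiddleware extends Middleware
             $response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);
         } elseif ($method == 'OPTIONS') {
             $response = new Response(Response::OK, '');
-            $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN');
+            $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN, X-Authorization');
             if ($allowHeaders) {
                 $response->addHeader('Access-Control-Allow-Headers', $allowHeaders);
             }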
