Add universal CORS restriction

8 years ago · 06be7db327
parent ab9281d029
commit 06be7db327
9 changed files with 11 additions and 0 deletions
--- a/internal-api/admin/api-authentication/index.php
+++ b/internal-api/admin/api-authentication/index.php
@ -7,6 +7,7 @@ require_once(HESK_PATH . 'inc/common.inc.php');
 require_once(HESK_PATH . 'inc/admin_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/api_authentication_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');

 hesk_session_start();
 hesk_load_internal_api_database_functions();
--- a/internal-api/admin/api-settings/index.php
+++ b/internal-api/admin/api-settings/index.php
@ -7,6 +7,7 @@ require_once(HESK_PATH . 'inc/common.inc.php');
 require_once(HESK_PATH . 'inc/admin_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/settings_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');

 hesk_session_start();
 hesk_load_internal_api_database_functions();
--- a/internal-api/admin/calendar/index.php
+++ b/internal-api/admin/calendar/index.php
@ -9,6 +9,7 @@ require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(HESK_PATH . 'inc/admin_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/calendar_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');

 hesk_session_start();
 hesk_load_internal_api_database_functions();
--- a/internal-api/admin/knowledgebase/upload-attachment.php
+++ b/internal-api/admin/knowledgebase/upload-attachment.php
@ -8,6 +8,7 @@ require_once(HESK_PATH . 'inc/attachments.inc.php');
 require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/attachment_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');

 hesk_load_internal_api_database_functions();
 hesk_dbConnect();
--- a/internal-api/admin/message-log/index.php
+++ b/internal-api/admin/message-log/index.php
@ -6,6 +6,7 @@ require_once(HESK_PATH . 'hesk_settings.inc.php');
 require_once(HESK_PATH . 'inc/common.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/message_log_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');

 hesk_load_internal_api_database_functions();
 hesk_dbConnect();
--- a/internal-api/calendar/index.php
+++ b/internal-api/calendar/index.php
@ -8,6 +8,7 @@ require_once(HESK_PATH . 'inc/attachments.inc.php');
 require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/calendar_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');

 hesk_session_start();
 hesk_load_internal_api_database_functions();
--- a/internal-api/core/cors.php
+++ b/internal-api/core/cors.php
@ -0,0 +1,3 @@
+<?php
+
+header('Access-Control-Allow-Origin', '*');
--- a/internal-api/ticket/delete-attachment.php
+++ b/internal-api/ticket/delete-attachment.php
@ -8,6 +8,7 @@ require_once(HESK_PATH . 'inc/attachments.inc.php');
 require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/attachment_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');

 hesk_load_internal_api_database_functions();
 hesk_dbConnect();
--- a/internal-api/ticket/upload-attachment.php
+++ b/internal-api/ticket/upload-attachment.php
@ -8,6 +8,7 @@ require_once(HESK_PATH . 'inc/attachments.inc.php');
 require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/attachment_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');

 hesk_load_internal_api_database_functions();
 hesk_dbConnect();