summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorctucx <leah@antifa.jetzt>2020-06-27 20:47:05 +0200
committerctucx <leah@antifa.jetzt>2020-06-27 20:47:05 +0200
commit7e33173c2c49284044a0660efbcdc8c2082be39b (patch)
tree36c33b03444dce1f5fa79b02b7ab2662f87fb5cb
parent1eaf3102b69aa96473ae30fdc33ce09fb345b11f (diff)
downloadtinyDAV-7e33173c2c49284044a0660efbcdc8c2082be39b.tar.gz
tinyDAV-7e33173c2c49284044a0660efbcdc8c2082be39b.tar.bz2
tinyDAV-7e33173c2c49284044a0660efbcdc8c2082be39b.zip
added cors preflight
-rw-r--r--public/dav.php11
1 files changed, 11 insertions, 0 deletions
diff --git a/public/dav.php b/public/dav.php
index 42b17f4..6773736 100644
--- a/public/dav.php
+++ b/public/dav.php
@@ -10,6 +10,17 @@ date_default_timezone_set('Europe/Berlin');
header("Access-Control-Allow-Origin: *");
+if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+ // return only the headers and not the content
+ // only allow CORS if we're doing a GET - i.e. no saving for now.
+ if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) &&
+ $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'GET') {
+ header('Access-Control-Allow-Origin: *');
+ header('Access-Control-Allow-Headers: X-Requested-With');
+ }
+ exit;
+}
+
if (!file_exists('vendor/')) {
die('<h1>Incomplete installation</h1>Dependencies have not been installed.');
}