mirror of https://github.com/MISP/MISP
new: Add CORS settings for external integration
parent
f89c3b53a6
commit
451a9db3a1
|
@ -103,6 +103,21 @@ class AppController extends Controller
|
|||
|
||||
public function beforeFilter()
|
||||
{
|
||||
if (Configure::read('Security.allow_cors')) {
|
||||
// Add CORS headers
|
||||
$this->response->cors($this->request,
|
||||
explode(',', Configure::read('Security.cors_origins')),
|
||||
['*'],
|
||||
['Origin', 'Content-Type', 'Authorization', 'Accept']);
|
||||
|
||||
if ($this->request->is('options')) {
|
||||
// Stop here!
|
||||
// CORS only needs the headers
|
||||
$this->response->send();
|
||||
$this->_stop();
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($this->params['named']['sql'])) {
|
||||
$this->sql_dump = 1;
|
||||
}
|
||||
|
|
|
@ -1105,6 +1105,24 @@ class Server extends AppModel
|
|||
'test' => 'testBoolFalse',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'allow_cors' => array(
|
||||
'level' => 1,
|
||||
'description' => __('Allow cross-origin requests to this instance, matching origins given in Security.cors_origins. Set to false to totally disable'),
|
||||
'value' => false,
|
||||
'errorMessage' => '',
|
||||
'test' => 'testBool',
|
||||
'type' => 'boolean',
|
||||
'null' => true
|
||||
),
|
||||
'cors_origins' => array(
|
||||
'level' => 1,
|
||||
'description' => __('Set the origins from which MISP will allow cross-origin requests. Useful for external integration. Comma seperate if you need more than one.'),
|
||||
'value' => '',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
'null' => true
|
||||
)
|
||||
),
|
||||
'SecureAuth' => array(
|
||||
|
|
Loading…
Reference in New Issue