new: Add CORS settings for external integration

pull/4157/head
Hannah Ward 2019-02-14 16:32:50 +00:00
parent f89c3b53a6
commit 451a9db3a1
No known key found for this signature in database
GPG Key ID: 6F3BAD60DE190290
2 changed files with 33 additions and 0 deletions


@ -103,6 +103,21 @@ class AppController extends Controller
public function beforeFilter()
{
if (Configure::read('Security.allow_cors')) {
// Add CORS headers
$this->response->cors($this->request,
explode(',', Configure::read('Security.cors_origins')),
['*'],
['Origin', 'Content-Type', 'Authorization', 'Accept']);
if ($this->request->is('options')) {
// Stop here!
// CORS only needs the headers
$this->response->send();
$this->_stop();
}
}
if (!empty($this->params['named']['sql'])) {
$this->sql_dump = 1;
}
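Review bot: The origin list on the `explode(',', Configure::read('Security.cors_origins'))` line is passed to `cors()` exactly as stored, so an entry written with a space after the comma will not match, the empty default yields a single empty entry, and a stored `*` would presumably allow every origin while `Authorization` is among the allowed headers. Normalise it before the call, e.g. `$origins = array_filter(array_map('trim', explode(',', (string)Configure::read('Security.cors_origins'))));`, and skip the CORS block when `$origins` is empty or contains `*`. The `['*']` method list is also wider than needed; listing only the verbs the API serves would be tighter. The `options` branch ends the request before whatever follows in `beforeFilter()`, whose body continues outside this hunk, so a comment such as `// preflight only: no auth or controller logic runs for OPTIONS` would make that intent explicit.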


@ -1105,6 +1105,24 @@ class Server extends AppModel
'test' => 'testBoolFalse',
'type' => 'boolean',
'null' => true
),
'allow_cors' => array(
'level' => 1,
'description' => __('Allow cross-origin requests to this instance, matching origins given in Security.cors_origins. Set to false to totally disable'),
'value' => false,
'errorMessage' => '',
'test' => 'testBool',
'type' => 'boolean',
'null' => true
),
'cors_origins' => array(
'level' => 1,
'description' => __('Set the origins from which MISP will allow cross-origin requests. Useful for external integration. Comma seperate if you need more than one.'),
'value' => '',
'errorMessage' => '',
'test' => 'testForEmpty',
'type' => 'string',
'null' => true
)
),
'SecureAuth' => array(
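Review bot: `cors_origins` is validated only with `testForEmpty`, so nothing in this definition stops an administrator from saving `*` or a malformed origin, and with the default `''` the diagnostics will presumably flag the setting even while `allow_cors` is false. A test that checks each comma-separated entry is a complete scheme-and-host origin would fit better. The description could also say that every listed origin is trusted to make authenticated API calls from a browser. The description string has a typo: `Comma seperate` should read `Comma separate`. The settings array continues outside this hunk.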