Fixed file delete path not supplying the CORS headers.
the way CORS is implemented genuinely makes no fucking sense
This commit is contained in:
parent
10937f1217
commit
9ca0587189
|
@ -194,6 +194,12 @@ class UploadsRoutes implements IRouteHandler {
|
||||||
|
|
||||||
#[Route('DELETE', '/uploads/:fileid')]
|
#[Route('DELETE', '/uploads/:fileid')]
|
||||||
public function deleteUpload($response, $request, string $fileId) {
|
public function deleteUpload($response, $request, string $fileId) {
|
||||||
|
if($request->hasHeader('Origin'))
|
||||||
|
$response->setHeader('Access-Control-Allow-Credentials', 'true');
|
||||||
|
|
||||||
|
$response->setHeader('Access-Control-Allow-Headers', 'Authorization');
|
||||||
|
$response->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET, DELETE');
|
||||||
|
|
||||||
if(!$this->authInfo->isLoggedIn())
|
if(!$this->authInfo->isLoggedIn())
|
||||||
return 401;
|
return 401;
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue