neuland-ingolstadt / neuland.app

A free & open source, web-based replacement for the official app of the Technische Hochschule Ingolstadt built with React and Next.js.
https://neuland.app
GNU Affero General Public License v3.0

Create and test CORS example headers #279

Closed M4GNV5 closed 12 months ago

M4GNV5 commented 1 year ago

Is your feature request related to a problem? Please describe.
The current THI API does not have CORS. The future test THI API has CORS, which was added using code we provided. Yesterday we found out the code does not fully work. It seems completely broken in Firefox and is furthermore missing allowed-headers which are required by the new API.

Describe the solution you'd like
In order to give proper code to THI for incorporating into their API, we should test the CORS PHP code ourselves with different browsers before giving it to them.

Additional context
Old code we provided:

if ($_SERVER['HTTP_ORIGIN'] == 'https://neuland.app' || $_SERVER['HTTP_ORIGIN'] == 'https://dev.neuland.app') {
  header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
  header('Access-Control-Max-Age: 7200');
}

Firefox CORS error (even though the header is provided): image

Chrome CORS error because of missing allow-headers: image

M4GNV5 commented 1 year ago

I had a phone call with Mr. Z yesterday. Apparently they configured the CORS options using their webserver and did not use our PHP code. This means we probably do not need to provide PHP code, but we do need to test and provide actually working header options.
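
One way to test candidate header sets before handing them over, as an added example that is not part of the issue thread or the project's code: it approximates the browser's CORS preflight check in JavaScript. The `Authorization` request header, the sample values and the name `checkPreflight` are assumptions, and requests are assumed to be sent without credentials.

```javascript
// Added example: approximates the browser's CORS preflight check (Fetch standard).
// Assumes non-credentialed requests; sample values below are constructed.
const SAFE_METHODS = ['GET', 'HEAD', 'POST'];
// Content-Type is only safelisted for three form/text MIME types, so it is
// treated here as needing explicit approval.
const SAFE_HEADERS = ['accept', 'accept-language', 'content-language'];

function list(value) {
  return (value || '').split(',').map(s => s.trim().toLowerCase()).filter(Boolean);
}

// req: { origin, method, headers: [names] }; res: response headers, lowercase keys
function checkPreflight(req, res) {
  const blocked = [];
  const warnings = [];
  const allowOrigin = res['access-control-allow-origin'];
  if (allowOrigin !== req.origin && allowOrigin !== '*') {
    blocked.push(`allow-origin "${allowOrigin}" does not match ${req.origin}`);
  }
  const methods = list(res['access-control-allow-methods']);
  if (!SAFE_METHODS.includes(req.method) &&
      !methods.includes(req.method.toLowerCase()) && !methods.includes('*')) {
    blocked.push(`method ${req.method} not in allow-methods`);
  }
  const allowed = list(res['access-control-allow-headers']);
  for (const name of req.headers.map(h => h.toLowerCase())) {
    if (SAFE_HEADERS.includes(name)) continue;
    // "*" never covers Authorization; it must be listed by name.
    const wildcard = allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !wildcard) {
      blocked.push(`request header ${name} not in allow-headers`);
    }
  }
  // Not a browser failure, but a reflected origin without Vary: Origin lets a
  // shared cache serve one origin's response to another.
  if (allowOrigin && allowOrigin !== '*' && !list(res['vary']).includes('origin')) {
    warnings.push('reflected origin without "Vary: Origin"');
  }
  return { blocked, warnings };
}

// Constructed request: the custom header the API needs is assumed to be Authorization.
const request = { origin: 'https://neuland.app', method: 'GET', headers: ['Authorization'] };
// Headers the old PHP snippet emits for an allowed origin.
const oldHeaders = { 'access-control-allow-origin': 'https://neuland.app',
                     'access-control-max-age': '7200' };
// Constructed candidate set to test against.
const candidateHeaders = { ...oldHeaders, 'access-control-allow-headers': 'Authorization',
                           'vary': 'Origin' };
console.log(checkPreflight(request, oldHeaders), checkPreflight(request, candidateHeaders));
```

The check covers header logic only; a real browser run against the test API is still needed for behaviour the page reports but does not explain, such as the Firefox error.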