From 6df8de6960fc71411fd67ca403ede4ba99013eec Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 24 Nov 2021 16:09:26 +0000
Subject: [PATCH 1/3] ->withHeader('Access-Control-Allow-Origin', '*')
---
 solid/lib/Controller/ServerController.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index ffc4591e..8c05d749 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -117,7 +117,7 @@ public function openid() {
 $response = new \Laminas\Diactoros\Response();
 $server = new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
 $response = $server->respondToOpenIdMetadataRequest();
- return $this->respond($response);
+ return $this->respond($response)->withHeader('Access-Control-Allow-Origin', '*');
 }
 /**
@@ -129,7 +129,7 @@ public function authorize() {
 if (!$this->userManager->userExists($this->userId)) {
 $result = new JSONResponse('Authorization required');
 $result->setStatus(401);
- return $result;
+ return $result->withHeader('Access-Control-Allow-Origin', '*');
 }
 $parser = new \Lcobucci\JWT\Parser();
@@ -154,7 +154,7 @@ public function authorize() {
 } catch(\Exception $e) {
 $result = new JSONResponse('Bad request, missing redirect uri');
 $result->setStatus(400);
- return $result;
+ return $result->withHeader('Access-Control-Allow-Origin', '*');
 }
 }
 $clientId = $getVars['client_id'];
@@ -164,7 +164,7 @@ public function authorize() {
 $result->setStatus(302);
 $approvalUrl = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkToRoute("solid.page.approval", array("clientId" => $clientId, "returnUrl" => $_SERVER['REQUEST_URI'])));
 $result->addHeader("Location", $approvalUrl);
- return $result;
+ return $result->withHeader('Access-Control-Allow-Origin', '*');
 }
 $user = new \Pdsinterop\Solid\Auth\Entity\User();
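Review bot: The `->withHeader('Access-Control-Allow-Origin', '*')` appended to the value of `respond()` is redundant within this same patch, whose last hunk makes `respond()` add that header itself on every response it builds, so this line can stay as `return $this->respond($response);` (the same applies to the identical suffixes added in the `authorize()` and `token()` hunks). It is also the only call shape on this page that uses an immutable `withHeader()`; the objects `respond()` builds are manipulated with `setStatus()`/`addHeader()` elsewhere in these hunks, so unless that class exposes `withHeader()` as well this call fails at runtime, which the next patch in the series ("fix JsonResponse withHeader") appears to confirm. `openid()` starts before this hunk.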
@@ -177,7 +177,7 @@ public function authorize() {
 $response = $server->respondToAuthorizationRequest($request, $user, $approval);
 $response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $this->getProfilePage(), $this->session->get("nonce"), $this->config->getPrivateKey());
- return $this->respond($response);
+ return $this->respond($response)->withHeader('Access-Control-Allow-Origin', '*');
 }
 private function checkApproval($clientId) {
@@ -250,7 +250,7 @@ public function token() {
 $codeInfo = $this->tokenGenerator->getCodeInfo($code);
 $response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $codeInfo['user_id'], $_SESSION['nonce'], $this->config->getPrivateKey(), $dpopKey);
- return $this->respond($response);
+ return $this->respond($response)->withHeader('Access-Control-Allow-Origin', '*');
 }
 /**
@@ -297,7 +297,7 @@ public function register() {
 $registration = $this->tokenGenerator->respondToRegistration($registration, $this->config->getPrivateKey());
- return new JSONResponse($registration);
+ return (new JSONResponse($registration))->addHeader('Access-Control-Allow-Origin', 'https://noeldemartin.github.io');
 }
 /**
@@ -348,6 +348,7 @@ private function respond($response) {
 }
 }
 $result->setStatus($statusCode);
+ $result->addHeader('Access-Control-Allow-Origin', '*');
 return $result;
 }
From 8dcffbfa838286196474a1cc7bf55c005e4ee7c2 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 30 Nov 2021 13:17:42 +0000
Subject: [PATCH 2/3] fix JsonResponse withHeader
---
 solid/lib/Controller/ServerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index 8c05d749..cfb3bcc9 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
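Review bot: Hard-coding `https://noeldemartin.github.io` as the `Access-Control-Allow-Origin` of the dynamic-registration response means every other client that registers gets a response its browser will refuse to read, so this is a one-app special case rather than a CORS policy. Registration is a public, unauthenticated endpoint on this page (`@PublicPage`) and the response carries no credentials, so the wildcard that `respond()` now emits for the other endpoints, `return (new JSONResponse($registration))->addHeader('Access-Control-Allow-Origin', '*');`, is the consistent choice; if a per-client origin is wanted it has to come from the registration data, not a literal. `register()` starts before this hunk.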
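Review bot: Adding `Access-Control-Allow-Origin: *` unconditionally in the shared `respond()` helper makes every response built through it cross-origin readable, including the `token()` response that carries the id_token, which is only safe as long as nothing built through this helper ever also sends `Access-Control-Allow-Credentials: true` (browsers reject wildcard-plus-credentials, and the usual "fix" of reflecting the request origin would hand the token to any site). That constraint is invisible at the call sites, so pin it next to the added line: `// Wildcard is intentional for these public OIDC endpoints; never pair with Allow-Credentials`. Since this line now covers all callers, the per-call-site `->withHeader('Access-Control-Allow-Origin', '*')` suffixes added in the hunks above are redundant. `respond()` starts before this hunk.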
@@ -117,7 +117,7 @@ public function openid() {
 $response = new \Laminas\Diactoros\Response();
 $server = new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
 $response = $server->respondToOpenIdMetadataRequest();
- return $this->respond($response)->withHeader('Access-Control-Allow-Origin', '*');
+ return $this->respond($response->withHeader('Access-Control-Allow-Origin', '*'));
 }
 /**
From d4ec5b45fffeacf051550e4cc4e9d9d92a81ab6c Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 30 Nov 2021 14:19:26 +0000
Subject: [PATCH 3/3] More cors headers
---
 solid/lib/Controller/ProfileController.php | 5 +++-
 solid/lib/Controller/ServerController.php | 31 +++++++++++++---------
 solid/lib/Controller/StorageController.php | 5 ++++
 3 files changed, 28 insertions(+), 13 deletions(-)
diff --git a/solid/lib/Controller/ProfileController.php b/solid/lib/Controller/ProfileController.php
index 2f243984..0e0affa6 100644
--- a/solid/lib/Controller/ProfileController.php
+++ b/solid/lib/Controller/ProfileController.php
@@ -246,7 +246,10 @@ private function respond($response) {
 $result->addHeader($header, $value);
 }
 }
-
+ $origin = $_SERVER['HTTP_ORIGIN'];
+ $result->addHeader('Access-Control-Allow-Credentials', 'true');
+ $result->addHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+ $result->addHeader('Access-Control-Allow-Origin', $origin);
 $result->setStatus($statusCode);
 return $result;
 }
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index cfb3bcc9..362c0d01 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
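Review bot: ProfileController's `respond()` now echoes whatever `$_SERVER['HTTP_ORIGIN']` the browser sent straight into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true`, which lets any web page make cookie-authenticated cross-origin requests to this controller and read the profile response; reflected-origin-plus-credentials is precisely the configuration the CORS wildcard ban exists to prevent. The origin has to be matched against an allow-list before it is echoed (the per-client origins that `register()` stores via `saveClientRegistration()` look like the natural source, though no lookup for them is visible here), with the three CORS headers omitted when it does not match, and `$result->addHeader('Vary', 'Origin');` added so a shared cache never serves one origin's answer to another. `$_SERVER['HTTP_ORIGIN']` is also absent on same-origin and non-browser requests, which yields a PHP notice and an empty header value; `$origin = $_SERVER['HTTP_ORIGIN'] ?? '';` plus skipping the headers when it is empty avoids that. `respond()` starts before this hunk.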
@@ -105,7 +105,13 @@ private function createAuthServerConfig() {
 * @NoCSRFRequired
 */
 public function cors($path) {
- return true;
+ $origin = $_SERVER['HTTP_ORIGIN'];
+ error_log('Allowing in OPTIONS:' . $origin);
+ return (new DataResponse('OK')) ->addHeader('Access-Control-Allow-Origin', $origin) ->addHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization') ->addHeader('Access-Control-Allow-Methods', 'POST') ->addHeader('Access-Control-Allow-Credentials', 'true');
 }
 /**
@@ -117,7 +123,7 @@ public function openid() {
 $response = new \Laminas\Diactoros\Response();
 $server = new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
 $response = $server->respondToOpenIdMetadataRequest();
- return $this->respond($response->withHeader('Access-Control-Allow-Origin', '*'));
+ return $this->respond($response->addHeader('Access-Control-Allow-Origin', '*'));
 }
 /**
@@ -129,7 +135,7 @@ public function authorize() {
 if (!$this->userManager->userExists($this->userId)) {
 $result = new JSONResponse('Authorization required');
 $result->setStatus(401);
- return $result->withHeader('Access-Control-Allow-Origin', '*');
+ return $result->addHeader('Access-Control-Allow-Origin', '*');
 }
 $parser = new \Lcobucci\JWT\Parser();
@@ -154,7 +160,7 @@ public function authorize() {
 } catch(\Exception $e) {
 $result = new JSONResponse('Bad request, missing redirect uri');
 $result->setStatus(400);
- return $result->withHeader('Access-Control-Allow-Origin', '*');
+ return $result->addHeader('Access-Control-Allow-Origin', '*');
 }
 }
 $clientId = $getVars['client_id'];
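Review bot: `cors()` answers the preflight by echoing the caller's own `Origin` into `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true`, so every site on the internet is pre-approved for credentialed requests; with a credentialed policy the origin must be checked against a known list before it is echoed, and the CORS headers left off (or the request rejected) when it is not. `$_SERVER['HTTP_ORIGIN']` is unset when no Origin header is present, so `$origin = $_SERVER['HTTP_ORIGIN'] ?? '';` is needed to avoid a notice and an empty header, and a `Vary: Origin` header belongs on any response whose CORS headers depend on the request. `error_log('Allowing in OPTIONS:' . $origin)` writes an unvalidated request header into the server log on every preflight and reads as leftover debugging; drop it, or log only after the origin has been validated. `Access-Control-Allow-Methods: POST` will also make browsers refuse preflighted PUT/DELETE/PATCH on whatever routes this handler serves — which routes `$path` matches is not visible here, and `$path` itself is unused.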
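Review bot: `$response->addHeader(...)` in `openid()` is called on the value returned by `respondToOpenIdMetadataRequest()`, which — given the `\Laminas\Diactoros\Response` created two lines above and passed into the server — is presumably a PSR-7 response; PSR-7 responses expose `withHeader()`/`withAddedHeader()`, not `addHeader()`, so this line would fail with an undefined-method error where the previous patch's `withHeader()` form was correct. If `respond()` copies the PSR-7 headers onto the Nextcloud result the way the sibling `respond()` helpers on this page do, and since it already adds `Access-Control-Allow-Origin: *` itself, the simplest correct line is `return $this->respond($response);`. `openid()` starts before this hunk.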
@@ -164,7 +170,7 @@ public function authorize() {
 $result->setStatus(302);
 $approvalUrl = $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkToRoute("solid.page.approval", array("clientId" => $clientId, "returnUrl" => $_SERVER['REQUEST_URI'])));
 $result->addHeader("Location", $approvalUrl);
- return $result->withHeader('Access-Control-Allow-Origin', '*');
+ return $result->addHeader('Access-Control-Allow-Origin', '*');
 }
 $user = new \Pdsinterop\Solid\Auth\Entity\User();
@@ -177,7 +183,7 @@ public function authorize() {
 $response = $server->respondToAuthorizationRequest($request, $user, $approval);
 $response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $this->getProfilePage(), $this->session->get("nonce"), $this->config->getPrivateKey());
- return $this->respond($response)->withHeader('Access-Control-Allow-Origin', '*');
+ return $this->respond($response)->addHeader('Access-Control-Allow-Origin', '*');
 }
 private function checkApproval($clientId) {
@@ -250,7 +256,7 @@ public function token() {
 $codeInfo = $this->tokenGenerator->getCodeInfo($code);
 $response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $codeInfo['user_id'], $_SESSION['nonce'], $this->config->getPrivateKey(), $dpopKey);
- return $this->respond($response)->withHeader('Access-Control-Allow-Origin', '*');
+ return $this->respond($response)->addHeader('Access-Control-Allow-Origin', '*');
 }
 /**
@@ -271,7 +277,7 @@ public function logout() {
 $this->userService->logout();
 return new JSONResponse("ok");
 }
-
+
 /**
 * @PublicPage
 * @NoAdminRequired
@@ -285,7 +291,7 @@ public function register() {
 }
 $clientData['client_id_issued_at'] = time();
 $parsedOrigin = parse_url($clientData['redirect_uris'][0]);
- $origin = $parsedOrigin['host'];
+ $origin = 'https://' . $parsedOrigin['host'];
 $clientId = $this->config->saveClientRegistration($origin, $clientData);
 $registration = array(
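Review bot: `$origin = 'https://' . $parsedOrigin['host'];` hard-codes the scheme and drops the port, so a client registering with an `http://localhost:3000/...` redirect URI is stored as `https://localhost`, which will never equal the `Origin` a browser sends for it, and anything keyed on that stored origin (this hunk passes it to `saveClientRegistration()`) is then wrong for every non-443 or plain-http client. `$clientData['redirect_uris'][0]` is client-supplied, so `parse_url()` can also return `false` or an array without `host`, which this line turns into a notice and the origin `https://`. Build the origin from the parsed scheme, host and optional port, and reject the registration when the URI does not parse, using the same 400 shape `authorize()` already returns for a bad redirect URI. `register()` starts before this hunk.
```php
$parsedOrigin = parse_url($clientData['redirect_uris'][0]);
if ($parsedOrigin === false || empty($parsedOrigin['scheme']) || empty($parsedOrigin['host'])) {
    $result = new JSONResponse('Bad request, invalid redirect uri');
    $result->setStatus(400);
    return $result;
}
$origin = $parsedOrigin['scheme'] . '://' . $parsedOrigin['host']
    . (isset($parsedOrigin['port']) ? ':' . $parsedOrigin['port'] : '');
// … unchanged: saveClientRegistration and the registration array …
```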
@@ -294,10 +300,11 @@ public function register() {
 'client_id_issued_at' => $clientData['client_id_issued_at'],
 'redirect_uris' => $clientData['redirect_uris'],
 );
-
+ error_log('allowingin POST:' . $origin);
 $registration = $this->tokenGenerator->respondToRegistration($registration, $this->config->getPrivateKey());
-
- return (new JSONResponse($registration))->addHeader('Access-Control-Allow-Origin', 'https://noeldemartin.github.io');
+ return (new JSONResponse($registration)) ->addHeader('Access-Control-Allow-Origin', $origin) ->addHeader('Access-Control-Allow-Methods', 'POST');
 }
 /**
diff --git a/solid/lib/Controller/StorageController.php b/solid/lib/Controller/StorageController.php
index 8bd0794b..5d8efa79 100644
--- a/solid/lib/Controller/StorageController.php
+++ b/solid/lib/Controller/StorageController.php
@@ -388,6 +388,11 @@ private function respond($response) {
 $result->addHeader($header, $value);
 }
 }
+ $origin = $_SERVER['HTTP_ORIGIN'];
+ $result->addHeader('Access-Control-Allow-Credentials', 'true');
+ $result->addHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+ $result->addHeader('Access-Control-Allow-Origin', $origin);
+
 $result->setStatus($statusCode);
 return $result;
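Review bot: `Access-Control-Allow-Origin` on the registration response is set to `$origin`, the value derived from the client's first redirect URI in the hunk above, rather than to the request's own `Origin`, so whenever the two differ (scheme, port, or a redirect URI hosted on another host than the page that called this endpoint) the browser blocks the very registration response the client is waiting for. The response carries no credentials and, if the `cors()` handler above is what answers this route's preflight, any origin is already admitted, so `->addHeader('Access-Control-Allow-Origin', '*')` — or echoing the request origin once it has been validated — is what actually works. `Access-Control-Allow-Methods` is only honoured on preflight responses, so the second `addHeader` on this actual response does nothing. The added `error_log('allowingin POST:' . $origin)` (note the typo) logs on every registration and reads as leftover debugging; drop it. `register()` starts before this hunk.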