Add Access-Control-Allow-Origin header, if not already present.

simplesamlphp · Sep 30, 2022 · 36f12eb · 36f12eb
1 parent 0948322
commit 36f12eb
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/lib/Services/RoutingService.php b/lib/Services/RoutingService.php
@@ -81,12 +81,23 @@ private static function callController($container, string $controllerClassname):
                 $response->data['messages'] = $container->get(SessionMessagesService::class)->getMessages();
             }
 
+            // If not already handled, allow CORS (for JS clients).
+            if (!$response->headers->has('Access-Control-Allow-Origin')) {
+                $response->headers->set('Access-Control-Allow-Origin', '*');
+            }
+
+
             $response->send();
 
             return;
         }
 
         if ($response instanceof ResponseInterface) {
+            // If not already handled, allow CORS (for JS clients).
+            if (!$response->hasHeader('Access-Control-Allow-Origin')) {
+                $response = $response->withHeader('Access-Control-Allow-Origin', '*');
+            }
+
             $emitter = new SapiEmitter();
 
             $emitter->emit($response);