Try advanced_cors module

necyberteam · Oct 30, 2024 · 410a2f7 · 410a2f7
1 parent 72ac606
commit 410a2f7
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 20 deletions.
diff --git a/composer.json b/composer.json
@@ -72,6 +72,7 @@
     "composer/installers": "^1.2",
     "cweagans/composer-patches": "^1.6",
     "drupal/access_by_ref": "^3.0",
+    "drupal/advanced_cors": "^1.5",
     "drupal/auditfiles": "^4.1@beta",
     "drupal/better_exposed_filters": "^6.0",
     "drupal/block_exclude_pages": "^2.0",

diff --git a/composer.lock b/composer.lock
diff --git a/web/sites/default/config/default/advanced_cors.route_config.apis.yml b/web/sites/default/config/default/advanced_cors.route_config.apis.yml
@@ -0,0 +1,14 @@
+uuid: bf6f0448-48a8-4679-acd0-6f8b816a4905
+langcode: en
+status: true
+dependencies: {  }
+id: apis
+label: APIs
+weight: 0
+patterns: "/api/1.0/affinity_groups/*\r\n/api/1.0/kb/*\r\n/api/1.0/events/ag/*\r\n/api/1.1/events/ag/*\r\n"
+allowed_headers: '*'
+allowed_methods: '*'
+allowed_origins: "https://access-ci.org\r\nhttps://access-ci-org.github.io\r\nhttp://localhost:*"
+exposed_headers: ''
+max_age: ''
+supports_credentials: 'true'
diff --git a/web/sites/default/config/default/core.extension.yml b/web/sites/default/config/default/core.extension.yml
@@ -12,6 +12,7 @@ module:
   access_shortcodes: 0
   action: 0
   actions_permissions: 0
+  advanced_cors: 0
   auditfiles: 0
   automated_cron: 0
   better_exposed_filters: 0

diff --git a/web/sites/default/services.yml b/web/sites/default/services.yml
@@ -170,22 +170,3 @@ parameters:
     - sftp
     - webcal
     - rtsp
-
-  # Configure Cross-Site HTTP requests (CORS).
-  # Read https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
-  # for more information about the topic in general.
-  # Note: By default the configuration is disabled.
-  cors.config:
-    enabled: true
-    # Specify allowed headers, like 'x-allowed-header'.
-    allowedHeaders: ['x-csrf-token','authorization','content-type','accept','origin','x-requested-with', 'access-control-allow-origin','x-allowed-header','*']
-    # Specify allowed request methods, specify ['*'] to allow all possible ones.
-    allowedMethods: ['*']
-    # Configure requests allowed from specific origins.
-    allowedOrigins: ['https://access-ci-org.github.io/', 'https://access-ci.org/', 'https://*.access-ci.org/']
-    # Sets the Access-Control-Expose-Headers header.
-    exposedHeaders: false
-    # Sets the Access-Control-Max-Age header.
-    maxAge: false
-    # Sets the Access-Control-Allow-Credentials header.
-    supportsCredentials: false