Skip to content

Commit

Permalink
fix: allow CORS requests for product image move (#10920)
Browse files Browse the repository at this point in the history
It's required by Nutripatrol to perform image deletion from
nutripatrol.openfoodfacts.org
@Valimp FYI
  • Loading branch information
raphael0202 authored Oct 22, 2024
1 parent d56760a commit 967a47e
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions cgi/product_image_move.pl
Original file line number Diff line number Diff line change
Expand Up @@ -28,12 +28,14 @@
use ProductOpener::Store qw/:all/;
use ProductOpener::Index qw/:all/;
use ProductOpener::Display qw/:all/;
use ProductOpener::HTTP qw/write_cors_headers/;
use ProductOpener::Lang qw/$lc/;
use ProductOpener::Tags qw/:all/;
use ProductOpener::Users qw/$Org_id $Owner_id $User_id %User/;
use ProductOpener::Images qw/process_image_move/;
use ProductOpener::Products qw/:all/;

use Apache2::Const -compile => qw(M_OPTIONS);
use CGI qw/:cgi :form escapeHTML/;
use URI::Escape::XS;
use Storable qw/dclone/;
Expand Down Expand Up @@ -76,6 +78,18 @@
$log->debug("parsing code", {user => $User_id, code => $code, cc => $request_ref->{cc}, lc => $lc, ip => remote_addr()})
if $log->is_debug();

# Add a CORS header to allow cross-domain requests (especially from Nutripatrol)
my $r = Apache2::RequestUtil->request();
# We need to allows credentials (cookies) to authenticate the user
my $allow_credentials = 1;
my $sub_domain_only = 1;
write_cors_headers($allow_credentials, $sub_domain_only);

# If the requests is an OPTIONS request, we return the headers and exit
if ($r->method_number == Apache2::Const::M_OPTIONS) {
exit(0);
}

if ((not defined $code) or ($code eq '')) {

$log->warn("no code");
Expand Down

0 comments on commit 967a47e

Please sign in to comment.