| Línea 139... |
Línea 139... |
| 139 |
|
139 |
|
| 140 |
$response = $event->getResponse();
|
140 |
$response = $event->getResponse();
|
| 141 |
$request = $event->getRequest();
|
141 |
$request = $event->getRequest();
|
| Línea -... |
Línea 142... |
| - |
|
142 |
$serviceManager = $event->getApplication()->getServiceManager();
|
| 142 |
$serviceManager = $event->getApplication()->getServiceManager();
|
143 |
|
| 143 |
|
144 |
// --- Configuración CORS con whitelist ---
|
| Línea 144... |
Línea 145... |
| 144 |
$whitelistString = $this->config['leaderslinked.cors.allowed_origins'] ?? '';
|
145 |
$whitelistString = $this->config['leaderslinked.cors.allowed_origins'] ?? '';
|
| 145 |
$allowedOrigins = array_map('trim', explode(',', $whitelistString));
|
146 |
$allowedOrigins = array_map('trim', explode(',', $whitelistString));
|
| Línea 152... |
Línea 153... |
| 152 |
|
153 |
|
| 153 |
error_log("CORS Check - Origen de la solicitud: " . $origin);
|
154 |
error_log("CORS Check - Origen de la solicitud: " . $origin);
|
| Línea 154... |
Línea 155... |
| 154 |
error_log("CORS Check - Whitelist cargada: " . implode(', ', $allowedOrigins));
|
155 |
error_log("CORS Check - Whitelist cargada: " . implode(', ', $allowedOrigins));
|
| 155 |
|
156 |
|
| 156 |
if (in_array($origin, $allowedOrigins)) {
|
157 |
if (in_array($origin, $allowedOrigins)) {
|
| 157 |
$headers = $response->getHeaders();
|
158 |
$responseHeaders = $response->getHeaders();
|
| 158 |
$headers->addHeaderLine('Access-Control-Allow-Origin', $origin);
|
159 |
$responseHeaders->addHeaderLine('Access-Control-Allow-Origin', $origin);
|
| 159 |
$headers->addHeaderLine('Access-Control-Allow-Credentials', 'true');
|
160 |
$responseHeaders->addHeaderLine('Access-Control-Allow-Credentials', 'true');
|
| 160 |
$headers->addHeaderLine('Access-Control-Allow-Headers', 'Authorization, Content-Type, token, secret, rand, created, x-csrf-token');
|
161 |
$responseHeaders->addHeaderLine('Access-Control-Allow-Headers', 'Authorization, Content-Type, token, secret, rand, created, x-csrf-token');
|
| Línea -... |
Línea 162... |
| - |
|
162 |
$responseHeaders->addHeaderLine('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE, PATCH');
|
| - |
|
163 |
$responseHeaders->addHeaderLine('Access-Control-Max-Age', '86400');
|
| - |
|
164 |
|
| 161 |
$headers->addHeaderLine('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE');
|
165 |
error_log("CORS Check - Headers añadidos correctamente para: " . $origin);
|
| 162 |
$headers->addHeaderLine('Access-Control-Max-Age', '86400');
|
166 |
} else {
|
| Línea -... |
Línea 167... |
| - |
|
167 |
error_log("CORS Check - Origen NO permitido: " . $origin);
|
| - |
|
168 |
}
|
| - |
|
169 |
}
|
| - |
|
170 |
|
| - |
|
171 |
// Manejar solicitudes OPTIONS (preflight)
|
| - |
|
172 |
if ($request->isOptions()) {
|
| - |
|
173 |
error_log("CORS Check - Solicitud OPTIONS detectada, enviando respuesta 200");
|
| - |
|
174 |
$response->setStatusCode(200);
|
| 163 |
|
175 |
$event->setResponse($response);
|
| Línea 164... |
Línea 176... |
| 164 |
}
|
176 |
return $response;
|
| 165 |
}
|
177 |
}
|
| 166 |
|
178 |
|
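Review bot: The allowed-origin branch (new lines 157–163) echoes `$origin` into `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true` but never sends `Vary: Origin`, so a shared cache or CDN in front of the application could hand one origin's CORS headers to another. Adding `$responseHeaders->addHeaderLine('Vary', 'Origin');` on every response, not only inside the `if`, avoids that. The whitelist check is also loose: `explode(',', '')` yields `['']` when `leaderslinked.cors.allowed_origins` is unset, so an empty or missing `$origin` would match unless the lines elided between 146 and 153 already guard against it. Building the list with `array_filter(array_map('trim', explode(',', $whitelistString)))` and testing with `in_array($origin, $allowedOrigins, true)` closes that gap. The `error_log` calls write what is presumably the client-supplied Origin value and the full whitelist on every request, so they are better removed or gated behind a debug setting; note that the enclosing method starts before line 139 and `$origin` is assigned outside the visible hunks.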