make cors header deactivatable

This commit is contained in:
flyingmana 2011-06-29 22:39:33 +02:00
parent 62977ad4f2
commit 3c47d158f4
4 changed files with 11 additions and 2 deletions

View File

@ -59,7 +59,10 @@ class HostMetaAction extends Action
Event::handle('EndHostMetaLinks', array(&$xrd->links));
}
header('Access-Control-Allow-Origin: *');
global $config;
if($config['site']['cors'] === true){
header('Access-Control-Allow-Origin: *');
}
header('Content-type: application/xrd+xml');
print $xrd->toXML();
}

View File

@ -30,7 +30,10 @@ class UserxrdAction extends XrdAction
function prepare($args)
{
parent::prepare($args);
header('Access-Control-Allow-Origin: *');
global $config;
if($config['site']['cors'] === true){
header('Access-Control-Allow-Origin: *');
}
$this->uri = $this->trimmed('uri');
$this->uri = self::normalize($this->uri);

View File

@ -40,6 +40,8 @@ $config['site']['path'] = 'statusnet';
// $config['site']['inviteonly'] = true;
// Make the site invisible to non-logged-in users
// $config['site']['private'] = true;
// Allow Cross-Origin Resource Sharing
// $config['site']['cors'] = true;
// If your web server supports X-Sendfile (Apache with mod_xsendfile,
// lighttpd, nginx), you can enable X-Sendfile support for better

View File

@ -61,6 +61,7 @@ $default =
'textlimit' => 140,
'indent' => true,
'use_x_sendfile' => false,
'cors' => true,
'notice' => null, // site wide notice text
'build' => 1, // build number, for code-dependent cache
),