enable cors - admin setting

apppresser · Aug 2, 2018 · 2215d5c · 2215d5c
1 parent 98aaa39
commit 2215d5c
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/apppresser.php b/apppresser.php
@@ -110,6 +110,8 @@ function __construct() {
 		// Hook in all our important pieces
 		add_action( 'plugins_loaded', array( $this, 'includes' ) );
 		add_action( 'admin_init', array( $this, 'check_appp_licenses' ) );
+		add_action( 'init', array( $this, 'myappp_cors') );
+		add_action( 'send_headers', array( $this, 'app_cors_header' ) );
 		add_action( 'wp_enqueue_scripts', array( $this, 'frontend_scripts' ), 8 );
 		add_action( 'wp_head', array( $this, 'do_appp_script' ), 1 );
 		add_action( 'wp_enqueue_scripts', array( $this, 'ajax_login_init' ) );
@@ -152,6 +154,41 @@ public function check_appp_licenses() {
 		AppPresser_License_Check::run();
 	}
 
+	/**
+	 * A filter to use:
+	 * 
+	 *  Access-Control-Allow-Origin: *
+	 * 
+	 * when the AppPresser admin setting is on.
+	 */
+	public function myappp_cors() {
+		if( self::settings( 'ap3_enable_cors', false ) ) {
+			add_filter( 'myappp_allow_origin', function() {
+				return '*';
+			} );
+		}
+
+	}
+
+	/**
+	 * Use:
+	 * 
+	 *  Access-Control-Allow-Origin: *
+	 * 
+	 * Applies a filter 
+	 */
+	public function app_cors_header() {
+
+		if( self::is_app() ) {
+			$myappp_allow_origin = apply_filters( 'myappp_allow_origin', 'https://myapppresser.com' );
+
+			if( $myappp_allow_origin ) {
+				header("Access-Control-Allow-Origin: $myappp_allow_origin");
+			}
+		}
+
+	}
+
 	/**
 	 * Manually add some vars and our script tag so that we can head off the page if need be
 	 * @since  1.0.3

diff --git a/inc/AppPresser_Admin_Settings.php b/inc/AppPresser_Admin_Settings.php
@@ -676,6 +676,12 @@ public function add_settings() {
 		self::add_setting( 'ap3_site_slug', __( 'Site slug', 'apppresser' ), array( 'type' => 'text', 'helptext' => __( 'Find this by logging into your myapppresser.com dashboard, choose your app, General tab => API Settings', 'apppresser' ) ) );
 		self::add_setting( 'ap3_app_id', __( 'App ID', 'apppresser' ), array( 'type' => 'text', 'helptext' => __( 'Find this by logging into your myapppresser.com dashboard, choose your app, General tab => API Settings', 'apppresser' ) ) );
 
+		self::add_setting( 'ap3_enable_cors', __( 'Enable CORS', 'apppresser' ), array( 
+			'type' => 'checkbox',
+			'helptext' => __( 'CORS (Cross Origin Resource Sharing) is a common security settings to protect content from other website.', 'apppresser' ),
+			'description' => __( 'Check if you are seeing <a href="https://docs.apppresser.com/article/409-blank-page-x-frame-options" target="_blank">blank pages</a> in the app', 'apppresser' ),
+		) );
+
 		self::add_setting_label( __( 'Advanced Settings', 'apppresser' ), array(
 			'subtab' => 'v2-only',
 			'deprecated' => 2,