diff --git a/apppresser.php b/apppresser.php index 55cee95..c91482c 100644 --- a/apppresser.php +++ b/apppresser.php @@ -110,6 +110,8 @@ function __construct() { // Hook in all our important pieces add_action( 'plugins_loaded', array( $this, 'includes' ) ); add_action( 'admin_init', array( $this, 'check_appp_licenses' ) ); + add_action( 'init', array( $this, 'myappp_cors') ); + add_action( 'send_headers', array( $this, 'app_cors_header' ) ); add_action( 'wp_enqueue_scripts', array( $this, 'frontend_scripts' ), 8 ); add_action( 'wp_head', array( $this, 'do_appp_script' ), 1 ); add_action( 'wp_enqueue_scripts', array( $this, 'ajax_login_init' ) ); @@ -152,6 +154,41 @@ public function check_appp_licenses() { AppPresser_License_Check::run(); } + /** + * A filter to use: + * + * Access-Control-Allow-Origin: * + * + * when the AppPresser admin setting is on. + */ + public function myappp_cors() { + if( self::settings( 'ap3_enable_cors', false ) ) { + add_filter( 'myappp_allow_origin', function() { + return '*'; + } ); + } + + } + + /** + * Use: + * + * Access-Control-Allow-Origin: * + * + * Applies a filter + */ + public function app_cors_header() { + + if( self::is_app() ) { + $myappp_allow_origin = apply_filters( 'myappp_allow_origin', 'https://myapppresser.com' ); + + if( $myappp_allow_origin ) { + header("Access-Control-Allow-Origin: $myappp_allow_origin"); + } + } + + } + /** * Manually add some vars and our script tag so that we can head off the page if need be * @since 1.0.3 diff --git a/inc/AppPresser_Admin_Settings.php b/inc/AppPresser_Admin_Settings.php index ea9000a..be9c4b6 100644 --- a/inc/AppPresser_Admin_Settings.php +++ b/inc/AppPresser_Admin_Settings.php @@ -676,6 +676,12 @@ public function add_settings() { self::add_setting( 'ap3_site_slug', __( 'Site slug', 'apppresser' ), array( 'type' => 'text', 'helptext' => __( 'Find this by logging into your myapppresser.com dashboard, choose your app, General tab => API Settings', 'apppresser' ) ) ); self::add_setting( 'ap3_app_id', __( 'App ID', 'apppresser' ), array( 'type' => 'text', 'helptext' => __( 'Find this by logging into your myapppresser.com dashboard, choose your app, General tab => API Settings', 'apppresser' ) ) ); + self::add_setting( 'ap3_enable_cors', __( 'Enable CORS', 'apppresser' ), array( + 'type' => 'checkbox', + 'helptext' => __( 'CORS (Cross Origin Resource Sharing) is a common security settings to protect content from other website.', 'apppresser' ), + 'description' => __( 'Check if you are seeing blank pages in the app', 'apppresser' ), + ) ); + self::add_setting_label( __( 'Advanced Settings', 'apppresser' ), array( 'subtab' => 'v2-only', 'deprecated' => 2,