librenms-librenms/config/cors.php

<?php

return [

    /*
     * A cors profile determines which origins, methods, headers are allowed for
     * a given requests. The `DefaultProfile` reads its configuration from this
     * config file.
     *
     * You can easily create your own cors profile.
     * More info: https://github.com/spatie/laravel-cors/#creating-your-own-cors-profile
     */
    'cors_profile' => App\Http\Profile\CorsApiProfile::class,

    /*
     * This configuration is used by `DefaultProfile`.
     */
    'default_profile' => [

        'allow_credentials' => false,

        'allow_origins' => [
            '*',
        ],

        'allow_methods' => [
            'POST',
            'GET',
            'OPTIONS',
            'PUT',
            'PATCH',
            'DELETE',
        ],

        'allow_headers' => [
            'Content-Type',
            'X-Auth-Token',
            'Origin',
            'Authorization',
        ],

        'expose_headers' => [
            'Cache-Control',
            'Content-Language',
            'Content-Type',
            'Expires',
            'Last-Modified',
            'Pragma',
        ],

        'forbidden_response' => [
            'message' => 'Forbidden (cors).',
            'status' => 403,
        ],

        /*
         * Preflight request will respond with value for the max age header.
         */
        'max_age' => 60 * 60 * 24,
    ],
];
Move API routing to Laravel (#10457) * Add more api helper functions to centralize code more * Enable cors * Initial Legacy route in Laravel * Force api v0 responses to json Add a couple more routes * more paths, pretty print the json response pass parameters to the api function * devices basic functions * Port generic graph function check permissions function accepts callback to avoid lots of if statements * move vlans * links * graphs * fdb * health * wireless * port graphs * ip functions split em up * port_stack * components * compoment add/edit/delete * get_device_groups * port stats * port graphs * get_devices_by_group * port_groups * api_get_graph * show_endpoints * get_bill * get_bill_graph * get_bill_graphdata * get_bill_history * get_bill_history_graph * remaining bill functions * list_alerts * ack/unmute alert * Some cleanups * Some cleanups * list_alert_rules * alert rule add/edit/delete * inventory * list_cbgp * vrf * list_ipsec * list_fdb * list_links (fix both usages) * list_locations * list_locations * list_vlans * list_ip_addresses * list_arp * list_ip_networks * cleanup * services * list_logs and fix authlog....... * cleanup * cleanup 2 * remove slim * don't load schema more than once * basic test * fix style * downgrade laravel-cors to a version that supports PHP 7.1 2019-07-29 16:32:37 -05:00			`<?php`

			`return [`

			`/*`
			`* A cors profile determines which origins, methods, headers are allowed for`
			* a given requests. The `DefaultProfile` reads its configuration from this
			`* config file.`
			`*`
			`* You can easily create your own cors profile.`
			`* More info: https://github.com/spatie/laravel-cors/#creating-your-own-cors-profile`
			`*/`
			`'cors_profile' => App\Http\Profile\CorsApiProfile::class,`

			`/*`
			* This configuration is used by `DefaultProfile`.
			`*/`
			`'default_profile' => [`

			`'allow_credentials' => false,`

			`'allow_origins' => [`
			`'*',`
			`],`

			`'allow_methods' => [`
			`'POST',`
			`'GET',`
			`'OPTIONS',`
			`'PUT',`
			`'PATCH',`
			`'DELETE',`
			`],`

			`'allow_headers' => [`
			`'Content-Type',`
			`'X-Auth-Token',`
			`'Origin',`
			`'Authorization',`
			`],`

			`'expose_headers' => [`
			`'Cache-Control',`
			`'Content-Language',`
			`'Content-Type',`
			`'Expires',`
			`'Last-Modified',`
			`'Pragma',`
			`],`

			`'forbidden_response' => [`
			`'message' => 'Forbidden (cors).',`
			`'status' => 403,`
			`],`

			`/*`
			`* Preflight request will respond with value for the max age header.`
			`*/`
			`'max_age' => 60 * 60 * 24,`
			`],`
			`];`