From 1aef31f9fcf033af22fd5e9ad2d762b422cc5146 Mon Sep 17 00:00:00 2001
From: Dominique Feyer
Date: Sat, 30 Mar 2019 16:17:18 +0100
Subject: [PATCH] TASK: Configure Access-Control-Allow-Origin from Settings.yaml
---
 Classes/Controller/TokenController.php | 16 +++++++++++-----
 Configuration/Settings.yaml | 5 ++++-
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/Classes/Controller/TokenController.php b/Classes/Controller/TokenController.php
index 4c5fb05..eb75908 100644
--- a/Classes/Controller/TokenController.php
+++ b/Classes/Controller/TokenController.php
@@ -46,16 +46,22 @@ class TokenController extends AbstractAuthenticationController
 */
 protected $localizationService;

+ /**
+ * @var array
+ * @Flow\InjectConfiguration(package="RFY.JWT", path="response.headers")
+ */
+ protected $responseHeaders;
+
 /**
 *
 */
 public function initializeAuthenticateAction()
 {
- $this->response->setHeader('Access-Control-Allow-Origin', '*');
+ $this->response = $this->response->withHeader('Access-Control-Allow-Origin', $this->responseHeaders['Access-Control-Allow-Origin']);

 if ($this->request->getHttpRequest()->getMethod() === 'OPTIONS') {
- $this->response->setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
- $this->response->withStatus(204);
+ $this->response = $this->response->withHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+ $this->response = $this->response->withStatus(204);
 return '';
 }
 }
@@ -100,7 +106,7 @@ protected function onAuthenticationFailure(AuthenticationRequiredException $exce
 );

 if ($this->request->getHttpRequest()->getMethod() !== 'OPTIONS') {
- $this->response->setStatus(401);
+ $this->response = $this->response->withStatus(401);
 }
 }

@@ -110,4 +116,4 @@ protected function onAuthenticationFailure(AuthenticationRequiredException $exce
 protected function errorAction()
 {
 }
-}
\ No newline at end of file
+}
diff --git a/Configuration/Settings.yaml b/Configuration/Settings.yaml
index 453c653..6575729 100644
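Review bot: In `initializeAuthenticateAction()` (first hunk of Classes/Controller/TokenController.php) the new `withHeader()` call reads `$this->responseHeaders['Access-Control-Allow-Origin']` without checking that the key is present and holds a non-empty string. A deployment that overrides `RFY.JWT.response.headers` and omits or nulls that entry would hand null to `withHeader()`; how that method treats null is not visible here, but the token endpoint would then answer with a missing or malformed CORS header. I would read it defensively with `$origin = $this->responseHeaders['Access-Control-Allow-Origin'] ?? null;` and set the header only `if (is_string($origin) && $origin !== '')`. The injected property is named for all response headers while only this one key is consumed, so its docblock should say so; otherwise other headers configured under `response.headers` are silently ignored.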
--- a/Configuration/Settings.yaml
+++ b/Configuration/Settings.yaml
@@ -13,10 +13,13 @@ Neos:

 RFY:
 JWT:
+ response:
+ headers:
+ 'Access-Control-Allow-Origin': '*'
 key: ~
 algorithms:
 - HS256
 tokenSources:
 - from: header
 name: Authorization
- claimMapping: []
\ No newline at end of file
+ claimMapping: []
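Review bot: The shipped default for `'Access-Control-Allow-Origin'` is still `'*'`, so installs that do not override it keep letting any origin read the authentication response cross-origin. A setting that decides which sites may call a token-issuing endpoint deserves a comment where it is configured, for example `# Origin allowed to call the token endpoint; set this to your frontend's exact origin (scheme://host[:port]) in production. '*' allows every origin.` above the key. Only one static value can be expressed this way. Supporting several frontends would need an allowlist matched against the request's Origin header in the controller, which this commit does not add.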