/**
* Check if request contains authentication info for adapter
*
* @param Mage_Api2_Model_Request $request
* @return boolean
*/
public function isApplicableToRequest(Mage_Api2_Model_Request $request)
{
$headerValue = $request->getHeader('Authorization');
return $headerValue && 'oauth' === strtolower(substr($headerValue, 0, 5));
}
protected function filterBefore(Mage_Api2_Model_Request $request, Mage_Api2_Model_Response $response)
{
// Add generic CORS headers - this is not the 'right' way to do this, but Magento has no CORS support in Mage_Api2
$response->setHeader('Access-Control-Allow-Origin', '*', true);
$response->setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE', true);
$response->setHeader('Access-Control-Allow-Headers', 'Content-Type', true);
$response->setHeader('Access-Control-Max-Age', '86400', true);
// Support credentials
$response->setHeader('Access-Control-Allow-Credentials', 'true', true);
$origin = $request->getHeader('Origin');
if ($origin) {
try {
$origin = Zend_Uri_Http::factory($origin);
$response->setHeader('Access-Control-Allow-Origin', $origin->getUri(), true);
} catch (Exception $e) {
// NOOP
}
}
Mage::dispatchEvent('api2_server_filter_before', ['request' => $request, 'response' => $response]);
}
