Hi,
when I try to call the URL of following Typo3-Middleware (like e.g. https://intranet.stadtverwaltung.loc/XCQuery_Content?Query=ang ) from a script residing in another domain, the returned header doesn’t contain the ‘Access-Control-Allow-Origin’ while it does when accessed directly by the browser (meaning that the header is set correctly but when accessing the script via a script from another domain invocation of the script is being blocked, isn’t it?):
<?php
declare( strict_types = 1 );
namespace WaXCode\AngularCLI_Suite\SearchBar ;
header("Access-Control-Allow-Origin: *");
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use TYPO3\CMS\Core\Http\Response;
use TYPO3\CMS\Core\Http\Stream;
use TYPO3\CMS\Core\Database\ConnectionPool;
/** Queries Typo3's "tt_content".
*
* @param Query The regular expression to query with.
*/
final class ContentQuery implements MiddlewareInterface {
/** Stores a connection to the Typo3 table "tt_content". */
protected $dbcTT_CONTENT ;
/** Constructs this [ ContentQuery ] by setting the $this->dbcTT_CONTENT. */
function __construct() { $this->dbcTT_CONTENT = ( new ConnectionPool())->getConnectionForTable('tt_content');}
/** Finds all content-elements that match the regular expression specified in the $_GET["Query"].
*
* @param request The \ServerRequestInterface as provided by Typo3.
* @param handler The \RequestHandlerInterface as provided by Typo3.
*
* @returns An appropriate \ResponseInterface along with a JSON containing the result of the LDAP-Query.
*/
public function process( ServerRequestInterface $request, RequestHandlerInterface $handler ) : ResponseInterface {
// Return without performing any operation if not responsible for the request or the regular expression to query for is an invalid one.
if(!str_contains( $request->getUri()->getPath(),'/XCQuery_Content') || $_GET['Query'] == '') return $handler->handle( $request );
// #region Select title, slug and rowDescription both of the page and the content-element, bodytext and uid of every content-element that matches the $_GET["Query"].
$queryBuilder = $this->dbcTT_CONTENT->createQueryBuilder();
$queryResult = $queryBuilder
->select('tt_content.uid')
->addSelect('bodytext')
->addSelect('tt_content.rowDescription')
->addSelect('p.rowDescription AS pageDescription')
->addSelect('header')
->addSelect('slug')
->addSelect('title')
->from('tt_content')
->join('tt_content','pages','p', $queryBuilder->expr()->eq('p.uid', $queryBuilder->quoteIdentifier('tt_content.pid')))
->where( $queryBuilder->expr()->comparison( $queryBuilder->quoteIdentifier('bodytext'), 'REGEXP', $queryBuilder->createNamedParameter( $_GET['Query'])))
->orWhere( $queryBuilder->expr()->comparison( $queryBuilder->quoteIdentifier('tt_content.rowDescription'), 'REGEXP', $queryBuilder->createNamedParameter( $_GET['Query'])))
->orderBy('slug')->execute();
// #endregion Select title, slug and rowDescription both of the page and the content-element, bodytext and uid of every content-element that matches the $_GET["Query"].
// Generate the JSON response.
$body = new Stream('php://temp','rw');
$body->write( json_encode( $queryResult->fetchAll()));
return ( new Response())
->withHeader('content-type','text/plain; charset=utf-8')
->withHeader('Access-Control-Allow-Origin','*')
->withBody( $body )->withStatus( 200 );}}
I’d really like to use middleware instead of plain php-script, which work without any CORS-Errormessage, since the Apache server is setup correctly regarding to CORS.
Can anybody tell me how I can set Typo3 up in a way that it grands CORS-Access to a middleware?