Add universal CORS restriction

internal-api/admin/api-authentication/index.php

@@ -7,6 +7,7 @@ require_once(HESK_PATH . 'inc/common.inc.php');
 require_once(HESK_PATH . 'inc/admin_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/api_authentication_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');
 
 hesk_session_start();
 hesk_load_internal_api_database_functions();

internal-api/admin/api-settings/index.php

@@ -7,6 +7,7 @@ require_once(HESK_PATH . 'inc/common.inc.php');
 require_once(HESK_PATH . 'inc/admin_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/settings_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');
 
 hesk_session_start();
 hesk_load_internal_api_database_functions();

internal-api/admin/calendar/index.php

@@ -9,6 +9,7 @@ require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(HESK_PATH . 'inc/admin_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/calendar_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');
 
 hesk_session_start();
 hesk_load_internal_api_database_functions();

internal-api/admin/knowledgebase/upload-attachment.php

@@ -8,6 +8,7 @@ require_once(HESK_PATH . 'inc/attachments.inc.php');
 require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/attachment_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');
 
 hesk_load_internal_api_database_functions();
 hesk_dbConnect();

internal-api/admin/message-log/index.php

@@ -6,6 +6,7 @@ require_once(HESK_PATH . 'hesk_settings.inc.php');
 require_once(HESK_PATH . 'inc/common.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/message_log_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');
 
 hesk_load_internal_api_database_functions();
 hesk_dbConnect();

internal-api/calendar/index.php

@@ -8,6 +8,7 @@ require_once(HESK_PATH . 'inc/attachments.inc.php');
 require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/calendar_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');
 
 hesk_session_start();
 hesk_load_internal_api_database_functions();

internal-api/core/cors.php

@@ -0,0 +1,3 @@
+<?php
+
+header('Access-Control-Allow-Origin', '*');

internal-api/ticket/delete-attachment.php

@@ -8,6 +8,7 @@ require_once(HESK_PATH . 'inc/attachments.inc.php');
 require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/attachment_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');
 
 hesk_load_internal_api_database_functions();
 hesk_dbConnect();

internal-api/ticket/upload-attachment.php

@@ -8,6 +8,7 @@ require_once(HESK_PATH . 'inc/attachments.inc.php');
 require_once(HESK_PATH . 'inc/posting_functions.inc.php');
 require_once(INTERNAL_API_PATH . 'core/output.php');
 require_once(INTERNAL_API_PATH . 'dao/attachment_dao.php');
+require_once(INTERNAL_API_PATH . 'core/cors.php');
 
 hesk_load_internal_api_database_functions();
 hesk_dbConnect();