Leaderboard

Popular Content

Showing content with the highest reputation on 07/13/2020 in all areas

  1. Version 1.0.0

    16 downloads

    This plugin aims to tackle a very specific issue which occurs when you try to use OAuth2 and JavaScript together in a browser application. Until now, this was not really feasible as the use of the Authorization header in the request will cause the browser to send a CORS pre-flight request to the endpoint. This request is an OPTIONS request and since it is not GET, PUT, POST or DELETE, IPS defaults to handling it as a GET request. As a result, the pre-flight request fails and causes the user to rely on a proxy of some sort to send the request with PHP or another server-side language.

    This plugin extends the API dispatcher class and handles processing and generating a valid CORS pre-flight request response with the following headers:

    • Access-Control-Allow-Methods: Generated automatically from the methods of the endpoint being called. If the endpoint supports GET and POST, the allowed methods header will contain GET, POST but not PUT or DELETE.
    • Access-Control-Allow-Headers: Generated automatically from the request "Access-Control-Request-Headers" header to allow any headers being passed in the request. This is not the most secure method but it is version 1.0.0, maybe I will implement a setting for specific headers in a future version.
    • Access-Control-Allow-Origin: Generated from the plugin settings (see attached screenshot). It evaluates the "Origin" (or "Referer") header and if the request comes from one of the whitelisted domains in the plugin settings, it will set the value of the "Access-Control-Allow-Origin" header to be the domain of the request. Otherwise, the header will not be set and the CORS request will fail.

    NOTE: Setting "*" as one of the allowed domains will allow CORS requests from any domain. This creates a possible XSS vulnerability and I would not recommend setting that option.
    1 point
  2. Version 2.1.2

    179 downloads

    Logs information about all logins performed on your site, whether they are successful or not. The following information is logged:

    • Time of attempt
    • Member account
    • Username/Email used
    • IP Address
    • Attempt number
    • Result

    It should be noted that there is the potential for massive amounts of data to be stored with this application on busy sites, so I recommend you use the LOG PRUNING setting to prune old logs daily.

    Upgrade from version 1.1.0 (IP.Board 3.X): Simply perform a FRESH INSTALL of version 2.0.0 and the installer will insert the logs from the old app into the new and will delete all data from old app.
    1 point
This leaderboard is set to New York/GMT-05:00