Removed WP-GQL-CORS as dependency

Now the theme allows any frontend domain to make a CORS request. This is how WP-JSON API works. Can use WP-GQL-CORS plugin for more complex control.
funkhaus · Dec 4, 2020 · 1af1965 · 1af1965
1 parent bcbf0c0
commit 1af1965
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 36 deletions.
diff --git a/functions.php b/functions.php
@@ -21,7 +21,7 @@
  * Generally you don't have to edit any of the files below
  */
     // Handles plugin dependencies
-    include_once get_template_directory() . '/functions/plugin-importer.php';
+    include_once get_template_directory() . '/functions/plugin-manifest.php';
 
     // Handles Developer role
     include_once get_template_directory() . '/functions/developer-role.php';
diff --git a/functions/gql-functions.php b/functions/gql-functions.php
@@ -17,21 +17,21 @@ function whitelist_settings() {
             }
         ]);
 
-        // Define a fields to get both WordPress URLs     
-	register_graphql_field('GeneralSettings', 'backendUrl', [
-		'type' 			=> 'String',
-		'description' 	=> __( 'WordPress Address (URL)', 'fuxt' ),
-		'resolve' 		=> function( $root, $args, $context, $info ) {
-			return get_site_url();
-		}
-	]);
-	register_graphql_field('GeneralSettings', 'frontendUrl', [
-		'type' 			=> 'String',
-		'description' 	=> __( 'Site Address (URL)', 'fuxt' ),
-		'resolve' 		=> function( $root, $args, $context, $info ) {
-			return get_home_url();
-		}
-	]);
+        // Define a fields to get both WordPress URLs
+    	register_graphql_field('GeneralSettings', 'backendUrl', [
+    		'type' 			=> 'String',
+    		'description' 	=> __( 'WordPress Address (URL)', 'fuxt' ),
+    		'resolve' 		=> function( $root, $args, $context, $info ) {
+    			return get_site_url();
+    		}
+    	]);
+    	register_graphql_field('GeneralSettings', 'frontendUrl', [
+    		'type' 			=> 'String',
+    		'description' 	=> __( 'Site Address (URL)', 'fuxt' ),
+    		'resolve' 		=> function( $root, $args, $context, $info ) {
+    			return get_home_url();
+    		}
+    	]);
     }
     add_action('graphql_init', 'whitelist_settings', 1);
 
@@ -53,7 +53,7 @@ function add_encoded_content_field() {
 
 
 /*
- * Make menus publicly accessible 
+ * Make menus publicly accessible
  */
 	function enable_public_menus( $is_private, $model_name, $data, $visibility, $owner, $current_user ) {
 		if ( 'MenuObject' === $model_name || 'MenuItemObject' === $model_name ) {
@@ -64,6 +64,36 @@ function enable_public_menus( $is_private, $model_name, $data, $visibility, $own
 	add_filter( 'graphql_data_is_private', 'enable_public_menus', 10, 6 );
 
 
+/*
+ * This allows any frontend domain to access the GQL endpoint. This mirros how WP-JSON API works.
+ * SEE https://developer.wordpress.org/reference/functions/rest_send_cors_headers/
+ * SEE https://github.com/funkhaus/wp-graphql-cors/blob/master/includes/process-request.php
+ */
+    function set_wpgql_cors_response_headers($headers) {
+        // Abort if using Wp-GQL_CORS plugin for headers instead
+        if( class_exists('WP_GraphQL_CORS') ) {
+            return $headers;
+        }
+
+        // Allow any domain to send cookies
+        $headers['Access-Control-Allow-Origin'] = get_http_origin();
+        $headers['Access-Control-Allow-Credentials'] = 'true';
+
+        // Allow certain header types. Respect the defauls from WP-GQL too.
+        $access_control_allow_headers = apply_filters(
+    		'graphql_access_control_allow_headers',
+    		[
+    			'Authorization',
+    			'Content-Type',
+    		]
+    	);
+    	$headers['Access-Control-Allow-Headers'] = implode( ', ', $access_control_allow_headers );
+
+    	return $headers;
+    }
+    add_filter('graphql_response_headers_to_send', 'set_wpgql_cors_response_headers');
+
+
 /*
  * Adds next post node to all the custom Post Types
  */
@@ -205,14 +235,14 @@ function get_next_page_id($page) {
  * returns adjacent page id
  */
     function get_adjacent_page_id($page, $direction) {
-    	$args = array(
+    	$args = [
     		'post_type'         => $page->post_type,
     		'order'             => 'ASC',
     		'orderby'           => 'menu_order',
     		'post_parent'       => $page->post_parent,
     		'fields'            => 'ids',
     		'posts_per_page'    => -1
-    	);
+    	];
 
     	$pages = get_posts($args);
     	$current_key = array_search($page->ID, $pages);
@@ -269,7 +299,7 @@ function custom_default_where_args($query_args, $source, $args, $context, $info)
     function gql_register_email_mutation() {
 
     	// Define the input parameters
-    	$inputFields = array(
+    	$input_fields = [
     		'to' => [
     			'type' 			=> ['list_of' => 'String'],
     			'description' 	=> 'Array of email addresses to send email to. Must comply to RFC 2822 format.',
@@ -290,10 +320,10 @@ function gql_register_email_mutation() {
     			'type' 			=> 'String',
     			'description' 	=> 'Crude anti-spam measure. This must equal the clientMutationId, otherwise the email will not be sent.'
     		]
-    	);
+    	];
 
     	// Define the ouput parameters
-    	$outputFields = array(
+    	$output_fields = [
     		'to' => [
     			'type' 			=> ['list_of' => 'String'],
     			'description' 	=> 'Array of email addresses to send email to. Must comply to RFC 2822 format.',
@@ -317,10 +347,10 @@ function gql_register_email_mutation() {
     				return isset( $payload['sent'] ) ? $payload['sent'] : false;
     			}
     		]
-    	);
+    	];
 
     	// This function processes the submitted data
-    	$mutateAndGetPayload = function( $input, $context, $info ) {
+    	$mutate_and_get_payload = function( $input, $context, $info ) {
 
     		// Spam honeypot. Make sure that the clientMutationId matches the trap input.
     		if( $input['clientMutationId'] !== $input['trap'] ) {
@@ -342,9 +372,9 @@ function gql_register_email_mutation() {
 
     	// Add mutation to WP-GQL now
     	$args = array(
-    		'inputFields' 			=> $inputFields,
-    		'outputFields'			=> $outputFields,
-    		'mutateAndGetPayload'	=> $mutateAndGetPayload
+    		'inputFields' 			=> $input_fields,
+    		'outputFields'			=> $output_fields,
+    		'mutateAndGetPayload'	=> $mutate_and_get_payload
     	);
     	register_graphql_mutation( 'sendEmail', $args);
     }

diff --git a/functions/plugin-importer.php → functions/plugin-manifest.php b/functions/plugin-importer.php → functions/plugin-manifest.php
@@ -2,7 +2,7 @@
 /*
  * This file handles the required plugins for the theme
  */
-    include_once get_template_directory() . '/functions/class-tgm-plugin-activation.php';
+    include_once get_template_directory() . '/libs/class-tgm-plugin-activation.php';
 
     function vuehaus_register_required_plugins() {
 
@@ -26,13 +26,6 @@ function vuehaus_register_required_plugins() {
                 'slug'      => 'wp-graphql',
                 'version'   => "1.0"
             ),
-            array(
-                'name'      => 'WP GraphQL CORS',
-                'slug'      => 'wp-graphql-cors',
-                'source'    => 'https://github.com/funkhaus/wp-graphql-cors/archive/master.zip',
-                'version'   => "1.1.0",
-                'required'  => false
-            ),
             array(
                 'name'      => 'Advanced Custom Fields Pro',
                 'slug'      => 'advanced-custom-fields-pro',
@@ -44,7 +37,7 @@ function vuehaus_register_required_plugins() {
                 'slug'      => 'funkhaus-auto-seo',
                 'external_url'	=> 'https://github.com/funkhaus/funkhaus-auto-seo/',
                 'required'	=> false
-            ),            
+            ),
             array(
                 'name'      => 'WP GraphQL for Advanced Custom Fields',
                 'slug'      => 'wp-graphql-acf',

diff --git a/functions/class-tgm-plugin-activation.php → libs/class-tgm-plugin-activation.php b/functions/class-tgm-plugin-activation.php → libs/class-tgm-plugin-activation.php