refactory-devops · svparijs · Mar 30, 2019
diff --git a/Classes/Controller/TokenController.php b/Classes/Controller/TokenController.php
@@ -46,16 +46,22 @@ class TokenController extends AbstractAuthenticationController
      */
     protected $localizationService;
 
+    /**
+     * @var array
+     * @Flow\InjectConfiguration(package="RFY.JWT", path="response.headers")
+     */
+    protected $responseHeaders;
+
     /**
      *
      */
     public function initializeAuthenticateAction()
     {
-        $this->response->setHeader('Access-Control-Allow-Origin', '*');
+        $this->response = $this->response->withHeader('Access-Control-Allow-Origin', $this->responseHeaders['Access-Control-Allow-Origin']);
 
         if ($this->request->getHttpRequest()->getMethod() === 'OPTIONS') {
-            $this->response->setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
-            $this->response->withStatus(204);
+            $this->response = $this->response->withHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+            $this->response = $this->response->withStatus(204);
             return '';
         }
     }
@@ -100,7 +106,7 @@ protected function onAuthenticationFailure(AuthenticationRequiredException $exce
         );
 
         if ($this->request->getHttpRequest()->getMethod() !== 'OPTIONS') {
-            $this->response->setStatus(401);
+            $this->response = $this->response->withStatus(401);
         }
     }
 
@@ -110,4 +116,4 @@ protected function onAuthenticationFailure(AuthenticationRequiredException $exce
     protected function errorAction()
     {
     }
-}
+}
diff --git a/Configuration/Settings.yaml b/Configuration/Settings.yaml
@@ -13,10 +13,13 @@ Neos:
 
 RFY:
   JWT:
+    response:
+      headers:
+        'Access-Control-Allow-Origin': '*'
     key: ~
     algorithms:
       - HS256
     tokenSources:
       - from: header
         name: Authorization
-    claimMapping: []
+    claimMapping: []