evo/evoleasing-public
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update for CORS origin detection

Browse Source
This commit is contained in:
merelendor 2024-09-23 14:51:23 +00:00
parent 6a95f7cbe9
commit b9685072a6
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
api/index.php
View File

@ -22,11 +22,16 @@ $METHOD = $_SERVER['REQUEST_METHOD'];
$REQ = [];
$origin = isset($HEADERS['Origin']) ? $HEADERS['Origin'] : (isset($HEADERS['origin']) ? $HEADERS['origin'] : preg_replace(["/([^A-z.]+)/"], [""], isset($HEADERS['Host']) ? $HEADERS['Host'] : $HEADERS['host']));
if($origin == "")
$origin_cleaned = parse_url($origin)['host'];
if($origin_cleaned == "")
{
foreach(ORIGINS as $ORIGIN)
{
if(strpos($HEADERS['referer'], $ORIGIN) !== FALSE)
$referer = $HEADERS['referer'];
$referer_cleaned = parse_url($referer)['host'];
if(strpos($referer_cleaned, $ORIGIN) !== FALSE)
{
$origin = $ORIGIN;
break;
@ -34,7 +39,7 @@ if($origin == "")
}
}
if(in_array($origin, ORIGINS))
if(in_array($origin_cleaned, ORIGINS))
{
header('Access-Control-Allow-Origin: ' . $origin);
}