From b9685072a6c08c6758e3d87382dc0fe10cfbcafe Mon Sep 17 00:00:00 2001
From: merelendor
Date: Mon, 23 Sep 2024 14:51:23 +0000
Subject: [PATCH] update for CORS origin detection
---
 api/index.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/api/index.php b/api/index.php
index aaba792..1451af9 100644
--- a/api/index.php
+++ b/api/index.php
@@ -22,11 +22,16 @@ $METHOD = $_SERVER['REQUEST_METHOD'];
 $REQ = [];
 $origin = isset($HEADERS['Origin']) ? $HEADERS['Origin'] : (isset($HEADERS['origin']) ? $HEADERS['origin'] : preg_replace(["/([^A-z.]+)/"], [""], isset($HEADERS['Host']) ? $HEADERS['Host'] : $HEADERS['host']));
-if($origin == "")
+$origin_cleaned = parse_url($origin)['host'];
+
+if($origin_cleaned == "")
 {
 foreach(ORIGINS as $ORIGIN)
 {
- if(strpos($HEADERS['referer'], $ORIGIN) !== FALSE)
+ $referer = $HEADERS['referer'];
+ $referer_cleaned = parse_url($referer)['host'];
+
+ if(strpos($referer_cleaned, $ORIGIN) !== FALSE)
 {
 $origin = $ORIGIN;
 break;
@@ -34,7 +39,7 @@ if($origin == "")
 }
 }
-if(in_array($origin, ORIGINS))
+if(in_array($origin_cleaned, ORIGINS))
 {
 header('Access-Control-Allow-Origin: ' . $origin);
 }
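Review bot: The referer fallback in the first hunk still assigns `$origin = $ORIGIN` but never updates `$origin_cleaned`, and the allowlist check in the second hunk now tests `$origin_cleaned`, so a request without a usable Origin appears to be rejected even when its referer matches. If the fallback is meant to keep working, `$origin_cleaned = $ORIGIN;` has to be set next to it. The match is a substring test, `strpos($referer_cleaned, $ORIGIN)`, so any referer host that merely contains an allowed name passes; an exact comparison, `if($referer_cleaned === $ORIGIN)`, is the safer form. `parse_url(...)['host']` also raises a warning when the URL has no host or parse_url() returns false, which looks like the normal case for the scheme-less Host-header fallback and for a missing `referer` header; `parse_url($origin, PHP_URL_HOST)` returns null instead.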
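Review bot: The allowlist check in the second hunk compares only the host, `in_array($origin_cleaned, ORIGINS)`, while the response header still echoes the full `$origin`, so the scheme and port of the requesting origin are never validated. A plain-http origin on an allowed host, or the same host on another port, would be reflected in `Access-Control-Allow-Origin`. Comparing the complete origin string against scheme-qualified allowlist entries closes that gap, assuming ORIGINS can hold such values, since its contents are not visible here. The comparison is also loose, so a null `$origin_cleaned` matches an empty or falsy entry; pass the strict flag, `in_array($origin_cleaned, ORIGINS, true)`. Because the header value changes per request, a `Vary: Origin` header belongs with it unless one is already set outside this hunk.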