evo/evoleasing-public
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update for CORS origin detection

Browse Source
This commit is contained in:
merelendor 2024-09-23 14:51:23 +00:00
parent 6a95f7cbe9
commit b9685072a6
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
api/index.php
View File

@ -22,11 +22,16 @@ $METHOD = $_SERVER['REQUEST_METHOD'];
$REQ = []; $REQ = [];
$origin = isset($HEADERS['Origin']) ? $HEADERS['Origin'] : (isset($HEADERS['origin']) ? $HEADERS['origin'] : preg_replace(["/([^A-z.]+)/"], [""], isset($HEADERS['Host']) ? $HEADERS['Host'] : $HEADERS['host'])); $origin = isset($HEADERS['Origin']) ? $HEADERS['Origin'] : (isset($HEADERS['origin']) ? $HEADERS['origin'] : preg_replace(["/([^A-z.]+)/"], [""], isset($HEADERS['Host']) ? $HEADERS['Host'] : $HEADERS['host']));
if($origin == "") $origin_cleaned = parse_url($origin)['host'];
if($origin_cleaned == "")
{ {
foreach(ORIGINS as $ORIGIN) foreach(ORIGINS as $ORIGIN)
{ {
if(strpos($HEADERS['referer'], $ORIGIN) !== FALSE) $referer = $HEADERS['referer'];
$referer_cleaned = parse_url($referer)['host'];
if(strpos($referer_cleaned, $ORIGIN) !== FALSE)
{ {
$origin = $ORIGIN; $origin = $ORIGIN;
break; break;
@ -34,7 +39,7 @@ if($origin == "")
} }
} }
if(in_array($origin, ORIGINS)) if(in_array($origin_cleaned, ORIGINS))
{ {
header('Access-Control-Allow-Origin: ' . $origin); header('Access-Control-Allow-Origin: ' . $origin);
} }