Added Port to allowed origin header if in request
@@ -53,7 +53,12 @@ class mfBaseApicontroller {
|
||||
if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
|
||||
$origin_proto = $m[1];
|
||||
$origin_hostname = $m[2];
|
||||
header("Access-Control-Allow-Origin: ".$origin_proto."://".$origin_hostname);
|
||||
$origin_port = $m[3];
|
||||
$allowed_origin = $origin_proto."://".$origin_hostname;
|
||||
if($origin_port) {
|
||||
$allowed_origin .= "$origin_port";
|
||||
}
|
||||
header("Access-Control-Allow-Origin: $allowed_origin");
|
||||
$this->return(mfResponse::Ok());
|
||||
}
|
||||
}
|
||||
@@ -333,11 +338,14 @@ class mfBaseApicontroller {
|
||||
return true;
|
||||
}
|
||||
|
||||
$request_origin = ["proto" => false, "hostname" => ""];
|
||||
$request_origin = ["proto" => false, "hostname" => "", "port" => false];
|
||||
$m = [];
|
||||
if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
|
||||
$request_origin['proto'] = $m[1];
|
||||
$request_origin['hostname'] = $m[2];
|
||||
if(array_key_exists(3, $m) && $m[3]) {
|
||||
$request_origin['port'] = $m[3];
|
||||
}
|
||||
} else {
|
||||
$this->return(mfResponse::Forbidden(["message" => "Malformed Origin header"]));
|
||||
}
|
||||
@@ -345,7 +353,11 @@ class mfBaseApicontroller {
|
||||
if($request_origin['hostname'] == "localhost") {
|
||||
// always allow requests from localhost
|
||||
$this->log->debug("Allowing localhost Origin");
|
||||
header("Access-Control-Allow-Origin: ".$request_origin['proto']."://".$request_origin['hostname']);
|
||||
$allowed_origin = $request_origin['proto']."://".$request_origin['hostname'];
|
||||
if($request_origin['port']) {
|
||||
$allowed_origin .= $request_origin['port'];
|
||||
}
|
||||
header("Access-Control-Allow-Origin: $allowed_origin");
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -369,13 +381,22 @@ class mfBaseApicontroller {
|
||||
if(preg_match('/^'.$hostname.'$/', $request_origin['hostname'])) {
|
||||
if($proto) {
|
||||
if($proto == $request_origin['proto']) {
|
||||
header("Access-Control-Allow-Origin: $proto://".$request_origin['hostname']);
|
||||
$allowed_origin = $proto."://".$request_origin['hostname'];
|
||||
if($request_origin['port']) {
|
||||
$allowed_origin .= $request_origin['port'];
|
||||
}
|
||||
header("Access-Control-Allow-Origin: $allowed_origin");
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
header("Access-Control-Allow-Origin: ".$request_origin['proto']."://".$request_origin['hostname']);
|
||||
$allowed_origin = $request_origin['proto']."://".$request_origin['hostname'];
|
||||
if($request_origin['port']) {
|
||||
$allowed_origin .= $request_origin['port'];
|
||||
}
|
||||
header("Access-Control-Allow-Origin: $allowed_origin");
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
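Review bot: The port is now copied from the request's Origin into Access-Control-Allow-Origin in all four places, but the allowlist loop in the last hunk still compares only hostname and protocol, so every port on an allowed host (and on localhost) becomes an accepted origin. Before this change a browser would have rejected a non-default-port origin because the emitted header lacked the port, so the commit widens the effective allowlist rather than only correcting the header format. If that is not intended, let an allowlist entry carry an optional port and compare it before emitting the header; if it is intended, record it next to the check, e.g. `// port is echoed from the request and is not matched against the allowlist`. Separately, in the first hunk `$origin_port = $m[3];` reads a group that preg_match leaves out of `$m` when the Origin has no port; `$origin_port = $m[3] ?? '';` avoids the undefined-key warning and matches the `array_key_exists(3, $m)` guard used in the second hunk. The enclosing methods start and end outside the hunks shown.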