Always allow CORS from localhost Origin

Frank Schubert
2022-12-01 14:51:57 +01:00
parent bb0307d482
commit 88b966e2ed


@@ -50,8 +50,6 @@ class mfBaseApicontroller {
header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS");
header("Access-Control-Allow-Headers: X-Api-Key");
$this->log->debug("origin header: ".$this->headers['origin']);
if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
$origin_proto = $m[1];
$origin_hostname = $m[2];
@@ -330,6 +328,15 @@ class mfBaseApicontroller {
if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
$request_origin['proto'] = $m[1];
$request_origin['hostname'] = $m[2];
} else {
$this->return(mfResponse::Forbidden(["message" => "Malformed Origin header"]));
}
if($request_origin['hostname'] == "localhost") {
// always allow requests from localhost
$this->log->debug("Allowing localhost Origin");
header("Access-Control-Allow-Origin: ".$request_origin['proto']."://".$request_origin['hostname']);
return true;
}
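Review bot: The new localhost branch builds `Access-Control-Allow-Origin` from the scheme and hostname only, so the port that `(:\d+)?` accepts is dropped and a browser sending `Origin: http://localhost:3000` will not see a matching value; appending the captured port, e.g. `.($m[3] ?? '')`, would make the echoed origin exact. Because the allowed value now varies per request, the response should also send `header("Vary: Origin");` so a shared cache cannot serve one origin's response to another. Allowing every localhost origin unconditionally means any page served from the user's own machine may read API responses cross-origin, so consider gating this branch behind a development-only setting and comparing with `===`. If `$this->return()` in the added else branch does not end the request, `$request_origin` is unset when the hostname check runs; the enclosing method starts and ends outside the hunk, so this could not be confirmed.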