From bb0307d4821d4f0c94458b1554fb2831b9b5f929 Mon Sep 17 00:00:00 2001
From: Frank Schubert <fronk@fronk.at>
Date: Thu, 1 Dec 2022 14:36:33 +0100
Subject: [PATCH] Allowed PUT and DELETE in CORS

---
 lib/mvcfronk/mfBase/mfBaseApicontroller.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/mvcfronk/mfBase/mfBaseApicontroller.php b/lib/mvcfronk/mfBase/mfBaseApicontroller.php
index 996519dba..1d06741d5 100644
--- a/lib/mvcfronk/mfBase/mfBaseApicontroller.php
+++ b/lib/mvcfronk/mfBase/mfBaseApicontroller.php
@@ -47,12 +47,12 @@ class mfBaseApicontroller {
     // allow all origins
     if($this->http_method == "OPTIONS") {
       // dont execute route, OPTIONS only requires CORS headers
-      header("Access-Control-Allow-Methods: GET,POST,OPTIONS");
+      header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS");
       header("Access-Control-Allow-Headers: X-Api-Key");
       
       $this->log->debug("origin header: ".$this->headers['origin']);
       
-      if(preg_match('#^(https?)://(.+)(:\d+)?$#i', $this->headers['origin'], $m)) {
+      if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
         $origin_proto = $m[1];
         $origin_hostname = $m[2];
         header("Access-Control-Allow-Origin: ".$origin_proto."://".$origin_hostname);
@@ -312,7 +312,7 @@ class mfBaseApicontroller {
   }
   
   private function createCorsHeaders() {
-    header("Access-Control-Allow-Methods: GET,POST,OPTIONS");
+    header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS");
     header("Access-Control-Allow-Headers: X-Api-Key");
     
     if(!is_array($this->allowed_origins) || !count($this->allowed_origins)) {
@@ -327,7 +327,7 @@ class mfBaseApicontroller {
     
     $request_origin = ["proto" => false, "hostname" => ""];
     $m = [];
-    if(preg_match('#^(https?)://(.+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
+    if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
       $request_origin['proto'] = $m[1];
       $request_origin['hostname'] = $m[2];
     }
@@ -339,7 +339,7 @@ class mfBaseApicontroller {
       $hostname = $origin;
       
       $m = [];
-      if(preg_match('#^(https?)://(.+)/?$#i', $origin, $m)) {
+      if(preg_match('#^(https?)://([^/]+)/?$#i', $origin, $m)) {
         $proto = $m[1];
         $hostname = $m[2];
       }