fix CORS Headers when we are coming from a non-standard port. Use a regexp instead of == so that we match regardless of port

This commit is contained in:
Isaac Connor 2018-09-14 14:52:33 -04:00
parent b5b71edbf6
commit d9b1d3ec11
1 changed files with 5 additions and 5 deletions

View File

@ -36,20 +36,20 @@ function noCacheHeaders() {
}
function CORSHeaders() {
if ( isset( $_SERVER['HTTP_ORIGIN'] ) ) {
if ( isset($_SERVER['HTTP_ORIGIN']) ) {
# The following is left for future reference/use.
$valid = false;
$servers = dbFetchAll( 'SELECT * FROM Servers' );
$servers = dbFetchAll('SELECT * FROM Servers');
if ( sizeof($servers) <= 1 ) {
# Only need CORSHeaders in the event that there are multiple servers in use.
return;
}
foreach( $servers as $row ) {
$Server = new Server( $row );
if ( $_SERVER['HTTP_ORIGIN'] == $Server->Url() ) {
$Server = new Server($row);
if ( preg_match('/^'.preg_quote($Server->Url(),'/').'/', $_SERVER['HTTP_ORIGIN']) ) {
$valid = true;
header('Access-Control-Allow-Origin: ' . $Server->Url() );
header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
header('Access-Control-Allow-Headers: x-requested-with,x-request');
}
}