Improve CORS header implementation

mevdschee · mevdschee · commit c0603995501c · 2017-03-05T02:40:20.000+01:00
diff --git a/api.php b/api.php
@@ -2588,20 +2588,20 @@ protected function swagger($settings) {
 	}
 
 	protected function allowOrigin($origin,$allowOrigins) {
-		if ($origin) foreach (explode(',',$allowOrigins) as $o) {
-			if (preg_match('/^'.str_replace('\*','.*',preg_quote(strtolower(trim($o)))).'$/',$origin)) { 
-				header('Access-Control-Allow-Origin: '.$origin);
-				break;
+		if (isset($_SERVER['REQUEST_METHOD'])) {
+			header('Access-Control-Allow-Credentials: true');
+			foreach (explode(',',$allowOrigins) as $o) {
+				if (preg_match('/^'.str_replace('\*','.*',preg_quote(strtolower(trim($o)))).'$/',$origin)) { 
+					header('Access-Control-Allow-Origin: '.$origin);
+					break;
+				}
 			}
-		} else {
-			header('Access-Control-Allow-Origin: *');
 		}
 	}
 
 	public function executeCommand() {
-		if (isset($_SERVER['REQUEST_METHOD'])) {
+		if ($this->settings['origin']) {
 			$this->allowOrigin($this->settings['origin'],$this->settings['allow_origin']);
-			header('Access-Control-Allow-Credentials: true');
 		}
 		if (!$this->settings['request']) {
 			$this->swagger($this->settings);

Original file line number	Diff line number	Diff line change
`@@ -2588,20 +2588,20 @@ protected function swagger($settings) {`
`2588`	`2588`	`}`
`2589`	`2589`
`2590`	`2590`	`protected function allowOrigin($origin,$allowOrigins) {`
`2591`		`- if ($origin) foreach (explode(',',$allowOrigins) as $o) {`
`2592`		`- if (preg_match('/^'.str_replace('\','.',preg_quote(strtolower(trim($o)))).'$/',$origin)) {`
`2593`		`- header('Access-Control-Allow-Origin: '.$origin);`
`2594`		`- break;`
	`2591`	`+ if (isset($_SERVER['REQUEST_METHOD'])) {`
	`2592`	`+ header('Access-Control-Allow-Credentials: true');`
	`2593`	`+ foreach (explode(',',$allowOrigins) as $o) {`
	`2594`	`+ if (preg_match('/^'.str_replace('\','.',preg_quote(strtolower(trim($o)))).'$/',$origin)) {`
	`2595`	`+ header('Access-Control-Allow-Origin: '.$origin);`
	`2596`	`+ break;`
	`2597`	`+ }`
`2595`	`2598`	`}`
`2596`		`- } else {`
`2597`		`- header('Access-Control-Allow-Origin: *');`
`2598`	`2599`	`}`
`2599`	`2600`	`}`
`2600`	`2601`
`2601`	`2602`	`public function executeCommand() {`
`2602`		`- if (isset($_SERVER['REQUEST_METHOD'])) {`
	`2603`	`+ if ($this->settings['origin']) {`
`2603`	`2604`	`$this->allowOrigin($this->settings['origin'],$this->settings['allow_origin']);`
`2604`		`- header('Access-Control-Allow-Credentials: true');`
`2605`	`2605`	`}`
`2606`	`2606`	`if (!$this->settings['request']) {`
`2607`	`2607`	`$this->swagger($this->settings);`