Add cors-handling for testing
This commit is contained in:
parent
2bfa19fe24
commit
a8bc4fd92e
40
php/cors.php
Normal file
40
php/cors.php
Normal file
@ -0,0 +1,40 @@
|
||||
<?php
|
||||
include_once __DIR__ . "/logging.php";
|
||||
/**
|
||||
* An example CORS-compliant method. It will allow any GET, POST, or OPTIONS requests from any
|
||||
* origin.
|
||||
*
|
||||
* In a production environment, you probably want to be more restrictive, but this gives you
|
||||
* the general idea of what is involved. For the nitty-gritty low-down, read:
|
||||
*
|
||||
* - https://developer.mozilla.org/en/HTTP_access_control
|
||||
* - https://fetch.spec.whatwg.org/#http-cors-protocol
|
||||
*
|
||||
*/
|
||||
function cors() {
|
||||
|
||||
// Allow from any origin
|
||||
if (isset($_SERVER['HTTP_ORIGIN'])) {
|
||||
log_print($_SERVER['HTTP_ORIGIN']);
|
||||
// Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
|
||||
// you want to allow, and if so:
|
||||
#if ($_SERVER['HTTP_ORIGIN'] !== 'http://app1.localhost') return;
|
||||
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
|
||||
header('Access-Control-Allow-Credentials: true');
|
||||
header('Access-Control-Max-Age: 86400'); // cache for 1 day
|
||||
}
|
||||
|
||||
// Access-Control headers are received during OPTIONS requests
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
|
||||
|
||||
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
|
||||
// may also be using PUT, PATCH, HEAD etc
|
||||
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
|
||||
|
||||
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
|
||||
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
|
||||
|
||||
exit(0);
|
||||
}
|
||||
}
|
||||
?>
|
@ -1,5 +1,7 @@
|
||||
<?php
|
||||
include_once __DIR__ . "/logging.php";
|
||||
include_once __DIR__ . "/cors.php";
|
||||
cors();
|
||||
|
||||
define("ROOT_URL", "http://localhost/");
|
||||
define("ROOT_DIR", "/var/www/localhost/");
|
||||
|
Loading…
Reference in New Issue
Block a user