Add cors-handling for testing

php/cors.php

@@ -0,0 +1,40 @@
+<?php
+include_once __DIR__ . "/logging.php";
+/**
+ *  An example CORS-compliant method.  It will allow any GET, POST, or OPTIONS requests from any
+ *  origin.
+ *
+ *  In a production environment, you probably want to be more restrictive, but this gives you
+ *  the general idea of what is involved.  For the nitty-gritty low-down, read:
+ *
+ *  - https://developer.mozilla.org/en/HTTP_access_control
+ *  - https://fetch.spec.whatwg.org/#http-cors-protocol
+ *
+ */
+function cors() {
+
+    // Allow from any origin
+    if (isset($_SERVER['HTTP_ORIGIN'])) {
+		log_print($_SERVER['HTTP_ORIGIN']);
+        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
+        // you want to allow, and if so:
+		#if ($_SERVER['HTTP_ORIGIN'] !== 'http://app1.localhost') return;
+        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+        header('Access-Control-Allow-Credentials: true');
+        header('Access-Control-Max-Age: 86400');    // cache for 1 day
+    }
+    
+    // Access-Control headers are received during OPTIONS requests
+    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
+            // may also be using PUT, PATCH, HEAD etc
+            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+        
+        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
+            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
+    
+        exit(0);
+    }
+}
+?>

php/get.php

@@ -1,5 +1,7 @@
 <?php
 include_once __DIR__ . "/logging.php";
+include_once __DIR__ . "/cors.php";
+cors();
 
 define("ROOT_URL", "http://localhost/");
 define("ROOT_DIR", "/var/www/localhost/");