Add cors-handling for testing

This commit is contained in:
Sheldon Lee 2023-11-13 22:50:32 +08:00
parent 2bfa19fe24
commit a8bc4fd92e
2 changed files with 42 additions and 0 deletions

40
php/cors.php Normal file
View File

@ -0,0 +1,40 @@
<?php
include_once __DIR__ . "/logging.php";
/**
* An example CORS-compliant method. It will allow any GET, POST, or OPTIONS requests from any
* origin.
*
* In a production environment, you probably want to be more restrictive, but this gives you
* the general idea of what is involved. For the nitty-gritty low-down, read:
*
* - https://developer.mozilla.org/en/HTTP_access_control
* - https://fetch.spec.whatwg.org/#http-cors-protocol
*
*/
function cors() {
// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
log_print($_SERVER['HTTP_ORIGIN']);
// Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
// you want to allow, and if so:
#if ($_SERVER['HTTP_ORIGIN'] !== 'http://app1.localhost') return;
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
// may also be using PUT, PATCH, HEAD etc
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
exit(0);
}
}
?>

View File

@ -1,5 +1,7 @@
<?php
include_once __DIR__ . "/logging.php";
include_once __DIR__ . "/cors.php";
cors();
define("ROOT_URL", "http://localhost/");
define("ROOT_DIR", "/var/www/localhost/");