are0h
/
Fipamo
1
2
Fork 0
Code Issues 19 Pull Requests 1 Packages Projects 1 Releases 22 Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
develop
toggle-buttons-#109
beta
nodejs-version-freeze
sql-version-freeze
1.0.0
b1.0.1
b1.2.0
b1.2.1
b1.2.2
b1.2.3
b1.2.4
b2.0.0
b2.1.0
b2.1.1
b2.2.0
b2.2.1
b2.2.2
b2.2.3
b2.2.4
b2.3.0
b2.4.0
b2.4.1
b2.5.0
b2.5.1
b2.6.0
b2.6.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '302362a478'
${ noResults }
Fipamo/brain/utility/HandleCors.php

62 lines
2.6 KiB
PHP
Raw Blame History

<?php
namespace brain\utility;
use brain\data\Settings;
class HandleCors
{
public function __construct()
{
//look to see if settings file exists. kinda important
if (file_exists('../config/settings.json')) {
//check settings to see if external api access is allowed
$config = new Settings();
$settings = $config->getSettings();
if ($settings['global']['externalAPI']) {
//echo "API STATUS: " . $settings["global"]["externalAPI"];
if ($settings['global']['externalAPI'] == 'true') {
//echo "API ACCESS ACTIVE";
// checks to see if origin is set
if (isset($_SERVER['HTTP_ORIGIN'])) {
// You can decide if the origin in $_SERVER['HTTP_ORIGIN']
//is something you want to allow, or as we do here, just allow all
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
} else {
//No HTTP_ORIGIN set, so we allow any. You can disallow if needed here
//never allow just any domain, so turn CORS off if no No HTTP_ORIGIN is set
//header("Access-Control-Allow-Origin: *");
}
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 600'); // cache for 10 minutes
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
header(
'Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT'
);
} //Make sure you remove those you do not want to support
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
header(
"Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}"
);
}
//Just exit with 200 OK with the above headers for OPTIONS method
exit(0);
}
} else {
//echo "API ACCESS ACTIVE";
}
} else {
//value doesn't exist, so whatevs
//echo "API ACCESS VALUE NOT PRESENT";
}
} else {
//init state, so chill
}
}
}
Reference in New Issue View Git Blame Copy Permalink