Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Rename airtime_mvc/ to legacy/

Browse source
This commit is contained in:
jo 2021-10-11 13:43:25 +02:00
parent f0879322c2
commit 3e18d42c8b
1316 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

59
legacy/application/common/CORSHelper.php Normal file
View file

@ -0,0 +1,59 @@
<?php
class CORSHelper
{
public static function enableCrossOriginRequests(&$request, &$response)
{
//Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well.
$origin = $request->getHeader('Origin');
$allowedOrigins = self::getAllowedOrigins($request);
if ((!(preg_match("/https?:\/\/localhost/", $origin) === 1)) && ($origin != "") &&
(!in_array($origin, $allowedOrigins))
) {
//Don't allow CORS from other domains to prevent XSS.
Logging::error("request origin '{$origin}' is not in allowed '" . implode(', ', $allowedOrigins) . "'!");
throw new Zend_Controller_Action_Exception('Forbidden', 403);
}
//Allow AJAX requests from configured websites. We use this to allow other pages to use LibreTimes API.
if ($origin) {
$response = $response->setHeader('Access-Control-Allow-Origin', $origin);
}
}
/**
* Get all allowed origins
*
* @param Request $request request object
*/
public static function getAllowedOrigins($request)
{
$allowedCorsUrls = array_map(
function($v) { return trim($v); },
explode(PHP_EOL, Application_Model_Preference::GetAllowedCorsUrls())
);
// always allow the configured server in (as reported by the server and not what is i baseUrl)
$scheme = $request->getServer('REQUEST_SCHEME');
$host = $request->getServer('SERVER_NAME');
$port = $request->getServer('SERVER_PORT');
$portString = '';
if (
$scheme == 'https' && $port != 443 ||
$scheme == 'http' && $port != 80
) {
$portString = sprintf(':%s', $port);
}
$requestedUrl = sprintf(
'%s://%s%s',
$scheme,
$host,
$portString
);
return array_merge($allowedCorsUrls, array(
$requestedUrl
));
}
}