Congegni/sintonia
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

style(legacy): fix code format with php-cs-fixer (#1674)

Browse source
This commit is contained in:
Jonas L 2022-03-14 11:15:04 +01:00 committed by GitHub
parent e1dc69af9e
commit 69d8eae845
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
111 changed files with 1163 additions and 1163 deletions
Download patch file Download diff file Expand all files Collapse all files

6
legacy/application/common/CORSHelper.php
View file

@ -4,19 +4,19 @@ class CORSHelper
{
public static function enableCrossOriginRequests(&$request, &$response)
{
//Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well.
// Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well.
$origin = $request->getHeader('Origin');
$allowedOrigins = self::getAllowedOrigins($request);
if ((!(preg_match('/https?:\/\/localhost/', $origin) === 1)) && ($origin != '')
&& (!in_array($origin, $allowedOrigins))
) {
//Don't allow CORS from other domains to prevent XSS.
// Don't allow CORS from other domains to prevent XSS.
Logging::error("request origin '{$origin}' is not in allowed '" . implode(', ', $allowedOrigins) . "'!");
throw new Zend_Controller_Action_Exception('Forbidden', 403);
}
//Allow AJAX requests from configured websites. We use this to allow other pages to use LibreTimes API.
// Allow AJAX requests from configured websites. We use this to allow other pages to use LibreTimes API.
if ($origin) {
$response = $response->setHeader('Access-Control-Allow-Origin', $origin);
}