Merge branch 'cc-5709-airtime-analyzer-buy-now-saas' into saas
This commit is contained in:
commit
9c14cfd47c
5 changed files with 43 additions and 20 deletions
|
@ -1,6 +1,7 @@
|
|||
<?php
|
||||
|
||||
require_once('WhmcsLoginController.php');
|
||||
require_once('CORSHelper.php');
|
||||
|
||||
class LoginController extends Zend_Controller_Action
|
||||
{
|
||||
|
@ -14,25 +15,11 @@ class LoginController extends Zend_Controller_Action
|
|||
$CC_CONFIG = Config::getConfig();
|
||||
|
||||
$request = $this->getRequest();
|
||||
$response = $this->getResponse();
|
||||
|
||||
//Allow AJAX requests from www.airtime.pro. We use this to automatically login users
|
||||
//after they sign up from the microsite.
|
||||
//Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well.
|
||||
$response = $this->getResponse()->setHeader('Access-Control-Allow-Origin', '*');
|
||||
$origin = $request->getHeader('Origin');
|
||||
if (($origin != "") &&
|
||||
(!in_array($origin,
|
||||
array("http://www.airtime.pro",
|
||||
"https://www.airtime.pro",
|
||||
"http://" . $_SERVER['SERVER_NAME'],
|
||||
"https://" . $_SERVER['SERVER_NAME']
|
||||
))
|
||||
))
|
||||
{
|
||||
//Don't allow CORS from other domains to prevent XSS.
|
||||
throw new Zend_Controller_Action_Exception('Forbidden', 403);
|
||||
}
|
||||
|
||||
//Enable AJAX requests from www.airtime.pro for the sign-in process.
|
||||
CORSHelper::enableATProCrossOriginRequests($request, $response);
|
||||
|
||||
Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', 'en_CA'));
|
||||
$auth = Zend_Auth::getInstance();
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue