From 05b70614718a39c16b8402161bbb628bcfac2c19 Mon Sep 17 00:00:00 2001
From: Alma Armas <celestine@vriska.ru>
Date: Sat, 12 Sep 2020 08:11:00 +0000
Subject: [PATCH] Add Access-Control-Allow-Origin header to API

---
 Web/Presenters/VKAPIPresenter.php | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/Web/Presenters/VKAPIPresenter.php b/Web/Presenters/VKAPIPresenter.php
index c82f9b37..ff417d4d 100644
--- a/Web/Presenters/VKAPIPresenter.php
+++ b/Web/Presenters/VKAPIPresenter.php
@@ -12,7 +12,7 @@ final class VKAPIPresenter extends OpenVKPresenter
     {
         $date   = date(DATE_COOKIE);
         $params = json_encode($_REQUEST);
-        $log    = "[$date] $object.$method called with $params";
+        $log    = "[$date] $object.$method called with $params\r\n";
         file_put_contents(OPENVK_ROOT . "/VKAPI/debug.log", $log, FILE_APPEND | LOCK_EX);
     }
     
@@ -52,6 +52,20 @@ final class VKAPIPresenter extends OpenVKPresenter
         $this->fail(100, "Required parameter '$param' missing.", $object, $method);
     }
     
+    function onStartup(): void
+    {
+        parent::onStartup();
+        
+        # idk, but in case we will ever support non-standard HTTP credential authflow
+        $origin = "*";
+        if(isset($_SERVER["HTTP_REFERER"])) {
+            $refOrigin = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_SCHEME) . "://" . parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST);
+            if($refOrigin !== false)
+                $origin = $refOrigin;
+        }
+        header("Access-Control-Allow-Origin: $origin");
+    }
+    
     function renderRoute(string $object, string $method): void
     {
         $authMechanism = $this->queryParam("auth_mechanism") ?? "token";
@@ -151,4 +165,4 @@ final class VKAPIPresenter extends OpenVKPresenter
         header("Content-Length: $size");
         exit($payload);
     }
-} 
+}