Add Access-Control-Allow-Origin header to API

This commit is contained in:
Alma Armas 2020-09-12 08:11:00 +00:00
parent 8999d6bd2f
commit 05b7061471

View file

@ -12,7 +12,7 @@ final class VKAPIPresenter extends OpenVKPresenter
{ {
$date = date(DATE_COOKIE); $date = date(DATE_COOKIE);
$params = json_encode($_REQUEST); $params = json_encode($_REQUEST);
$log = "[$date] $object.$method called with $params"; $log = "[$date] $object.$method called with $params\r\n";
file_put_contents(OPENVK_ROOT . "/VKAPI/debug.log", $log, FILE_APPEND | LOCK_EX); file_put_contents(OPENVK_ROOT . "/VKAPI/debug.log", $log, FILE_APPEND | LOCK_EX);
} }
@ -52,6 +52,20 @@ final class VKAPIPresenter extends OpenVKPresenter
$this->fail(100, "Required parameter '$param' missing.", $object, $method); $this->fail(100, "Required parameter '$param' missing.", $object, $method);
} }
function onStartup(): void
{
parent::onStartup();
# idk, but in case we will ever support non-standard HTTP credential authflow
$origin = "*";
if(isset($_SERVER["HTTP_REFERER"])) {
$refOrigin = parse_url($_SERVER["HTTP_REFERER"], PHP_URL_SCHEME) . "://" . parse_url($_SERVER["HTTP_REFERER"], PHP_URL_HOST);
if($refOrigin !== false)
$origin = $refOrigin;
}
header("Access-Control-Allow-Origin: $origin");
}
function renderRoute(string $object, string $method): void function renderRoute(string $object, string $method): void
{ {
$authMechanism = $this->queryParam("auth_mechanism") ?? "token"; $authMechanism = $this->queryParam("auth_mechanism") ?? "token";
@ -151,4 +165,4 @@ final class VKAPIPresenter extends OpenVKPresenter
header("Content-Length: $size"); header("Content-Length: $size");
exit($payload); exit($payload);
} }
} }