Readded CORS related stuff from private branch.

2021-05-20 21:37:29 +02:00 · 2021-05-20 21:37:29 +02:00 · 3d39d12904
commit 3d39d12904
parent 1a5152d857
2 changed files with 12 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,5 @@
 .apikey
+.cors
 [Tt]humbs.db
 desktop.ini
 $RECYCLE.BIN/
--- a/public/get.php
+++ b/public/get.php
@ -1,6 +1,7 @@
 <?php
 define('FNP_API_KEY', __DIR__ . '/../.apikey');
 define('FNP_API_URL', 'https://ws.audioscrobbler.com');
+define('FNP_ORIGINS', __DIR__ . '/../.cors');

 define('FNP_FMT_JSON', 'json');
 define('FNP_FMT_XML',  'xml');
@ -9,6 +10,16 @@ define('FNP_FMTS', [
    FNP_FMT_XML  => 'application/xml',
 ]);

+if(!empty($_SERVER['HTTP_ORIGIN']) && is_file(FNP_ORIGINS)) {
+    $origin = parse_url($_SERVER['HTTP_ORIGIN'], PHP_URL_HOST);
+    $allowedOrigins = file(FNP_ORIGINS, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+
+    if(in_array($origin, $allowedOrigins)) {
+        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
+        header('Vary: Origin');
+    }
+}
+
 if(!isset($format))
    $format = (string)(filter_input(INPUT_GET, 'f') ?? 'json');
 $pretty = !empty($_GET['p']);