From f1245c5a93f3dfb8332276f1aaa9a1a20479a332 Mon Sep 17 00:00:00 2001
From: flashwave <me@flash.moe>
Date: Thu, 20 May 2021 21:37:29 +0200
Subject: [PATCH] Readded CORS related stuff from private branch.

---
 .gitignore     |  1 +
 public/get.php | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/.gitignore b/.gitignore
index 7a35c3c..d6d7a9b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 .apikey
+.cors
 [Tt]humbs.db
 desktop.ini
 $RECYCLE.BIN/
diff --git a/public/get.php b/public/get.php
index 7a19210..e450bb9 100644
--- a/public/get.php
+++ b/public/get.php
@@ -1,6 +1,7 @@
 <?php
 define('FNP_API_KEY', __DIR__ . '/../.apikey');
 define('FNP_API_URL', 'https://ws.audioscrobbler.com');
+define('FNP_ORIGINS', __DIR__ . '/../.cors');
 
 define('FNP_FMT_JSON', 'json');
 define('FNP_FMT_XML',  'xml');
@@ -9,6 +10,16 @@ define('FNP_FMTS', [
     FNP_FMT_XML  => 'application/xml',
 ]);
 
+if(!empty($_SERVER['HTTP_ORIGIN']) && is_file(FNP_ORIGINS)) {
+    $origin = parse_url($_SERVER['HTTP_ORIGIN'], PHP_URL_HOST);
+    $allowedOrigins = file(FNP_ORIGINS, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+
+    if(in_array($origin, $allowedOrigins)) {
+        header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
+        header('Vary: Origin');
+    }
+}
+
 if(!isset($format))
     $format = (string)(filter_input(INPUT_GET, 'f') ?? 'json');
 $pretty = !empty($_GET['p']);