Yeah, I'm somewhat of an idiot myself.

flash 2022-02-14 21:11:12 +00:00
parent e5dcd654d3
commit a86500ad7a


@ -396,18 +396,22 @@ final class SockChatHandler extends Handler {
public function token(HttpResponse $response, HttpRequest $request) { public function token(HttpResponse $response, HttpRequest $request) {
$host = $request->getHeaderLine('Host'); $host = $request->getHeaderLine('Host');
$origin = strtolower(parse_url($request->getHeaderLine('Origin'), PHP_URL_HOST)); $origin = $request->getHeaderLine('Origin');
$originHost = strtolower(parse_url($origin, PHP_URL_HOST));
if(!empty($origin) && $origin !== $host) { if(!empty($originHost) && $originHost !== $host) {
$whitelist = Config::get('sockChat.origins', Config::TYPE_ARR, []); $whitelist = Config::get('sockChat.origins', Config::TYPE_ARR, []);
if(!in_array($origin, $whitelist)) if(!in_array($originHost, $whitelist))
return 403; return 403;
$request->setHeader('Access-Control-Allow-Origin', $origin); $originProto = strtolower(parse_url($origin, PHP_URL_SCHEME));
$request->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET'); $origin = $originProto . '://' . $originHost;
$request->setHeader('Access-Control-Allow-Credentials', 'true');
$request->setHeader('Vary', 'Origin'); $response->setHeader('Access-Control-Allow-Origin', $origin);
$response->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
$response->setHeader('Access-Control-Allow-Credentials', 'true');
$response->setHeader('Vary', 'Origin');
} }
if($request->getMethod() === 'OPTIONS') if($request->getMethod() === 'OPTIONS')