From aed29e2007aecb05f2156d574d2d5434e87a53bd Mon Sep 17 00:00:00 2001
From: flashwave <me@flash.moe>
Date: Tue, 14 Jan 2025 04:10:46 +0000
Subject: [PATCH] Also attempt CORS fixes here.

---
 src/V1/V1Routes.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/V1/V1Routes.php b/src/V1/V1Routes.php
index ee04b49..08f2a86 100644
--- a/src/V1/V1Routes.php
+++ b/src/V1/V1Routes.php
@@ -11,11 +11,13 @@ class V1Routes implements RouteHandler {
 
     public function registerRoutes(Router $router): void {
         $router->use('/', function(HttpResponseBuilder $response, HttpRequest $request) {
-            $response->setHeader('Access-Control-Allow-Origin', '*');
             $response->setHeader('Access-Control-Allow-Headers', 'Authorization');
 
             if($request->hasHeader('Origin')) {
-                $host = parse_url($request->getHeaderLine('Origin'), PHP_URL_HOST);
+                $origin = $request->getHeaderLine('Origin');
+                $response->setHeader('Access-Control-Allow-Origin', $origin);
+                $response->setHeader('Vary', 'Origin');
+                $host = parse_url($origin, PHP_URL_HOST);
                 if(is_string($host)) {
                     $host = '.' . $host;
                     $allowCookieOrigins = $this->ctx->allowCookieOrigins;
@@ -25,7 +27,8 @@ class V1Routes implements RouteHandler {
                             break;
                         }
                 }
-            }
+            } else
+                $response->setHeader('Access-Control-Allow-Origin', '*');
         });
 
         $router->use('/', $this->ctx->authz->bearerTokenAuthMiddleware(...));