[PHP-WEBMASTER] com web/php: Fix same origin policy errors: images/elephpants.php include/prepend.inc

Wed, 04 Dec 2013 00:45:00 -0800 

Commit:    e0dd9f1bf937d36f330b0695996b2f5771ee6bb3
Author:    Hannes Magnusson <[email protected]>         Wed, 4 Dec 2013 
00:41:53 -0800
Parents:   bcc4cfa62ccc46113e1e47b305156caaa853723c
Branches:  master

Link:       
http://git.php.net/?p=web/php.git;a=commitdiff;h=e0dd9f1bf937d36f330b0695996b2f5771ee6bb3

Log:
Fix same origin policy errors

Maybe this fixes stuff for Opera?
It fixes some issues in Chrome fetching the elephpants for example
on http://php.net (as the elephants requests www.php.net).

The policy check will automatically support all php.net subdomains

Changed paths:
  M  images/elephpants.php
  M  include/prepend.inc


Diff:
diff --git a/images/elephpants.php b/images/elephpants.php
index 3cee268..88d4185 100644
--- a/images/elephpants.php
+++ b/images/elephpants.php
@@ -1,5 +1,5 @@
 <?php
-
+include_once $_SERVER['DOCUMENT_ROOT'] . '/include/prepend.inc';
 /*
 
  Simple script to serve elephpant images in json format.
diff --git a/include/prepend.inc b/include/prepend.inc
index a98e697..03f8ab2 100644
--- a/include/prepend.inc
+++ b/include/prepend.inc
@@ -12,6 +12,24 @@ ini_set("zlib.output_compression", 1);
 header("Content-language: en");
 header("Content-type: text/html; charset=utf-8");
 
+/* Fix Silly Same Origin Policies */
+if (isset($_SERVER["HTTP_ORIGIN"])) {
+    $host = parse_url($_SERVER["HTTP_ORIGIN"]);
+    if (strncmp(strrev($host["host"]), strrev("php.net"), strlen("php.net")) 
!= 0) {
+        exit(10);
+    }
+    if (isset($host["port"])) {
+        $hostname = $host["host"] . ":" . $host["port"];
+    }
+
+    header("Access-Control-Allow-Origin: http://$hostname";);
+    if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"])) {
+        $headers = $_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"];
+        $headers = str_replace(array("\r", "\n", "\0"), "", $headers);
+        header("Access-Control-Allow-Headers: $headers");
+    }
+}
+
 // Be 100% sure the timezone is set
 if (ini_get("date.timezone") === "" && 
function_exists("date_default_timezone_set")) {
     date_default_timezone_set("UTC");


--
PHP Webmaster List Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to