On Tue, Dec 10, 2013 at 5:30 PM, Hannes Magnusson < [email protected]> wrote:
> On Tue, Dec 10, 2013 at 1:55 PM, Sherif Ramadan <[email protected]> wrote: > > Commit: 540872824575ecfcdf42511a7784ccbd1d3f4e13 > > Author: Sherif Ramadan <[email protected]> Tue, 10 Dec 2013 > 16:55:48 -0500 > > Parents: 92aa114f859b695b82743feba122a3b27a6925a7 > > Branches: master > > > > Link: > http://git.php.net/?p=web/php.git;a=commitdiff;h=540872824575ecfcdf42511a7784ccbd1d3f4e13 > > > > Log: > > Fix potential Access-Control-Allow-Origin bug in vote-note.php - Bug > #65887 > > > > Hmmmh... I already added this to prepend.inc, which this page is > including.. Is that fix not working? > I think its better to fix it there then specifically for this page only. > > -Hannes > Apparently I did not see that. Your fix seems to be relying $_SERVER["HTTP_ORIGIN"], but when the request comes from http://php.netthe Access-Control-Allow-Origin response header is always 'http://', which the UA does not accept.
