On Tue, Dec 10, 2013 at 8:33 PM, Hannes Magnusson < [email protected]> wrote:
> On Tue, Dec 10, 2013 at 2:48 PM, Hannes Magnusson > <[email protected]> wrote: > > On Tue, Dec 10, 2013 at 2:41 PM, Sherif Ramadan <[email protected]> > wrote: > >> > >> > >> > >> On Tue, Dec 10, 2013 at 5:30 PM, Hannes Magnusson > >> <[email protected]> wrote: > >>> > >>> On Tue, Dec 10, 2013 at 1:55 PM, Sherif Ramadan <[email protected]> > wrote: > >>> > Commit: 540872824575ecfcdf42511a7784ccbd1d3f4e13 > >>> > Author: Sherif Ramadan <[email protected]> Tue, 10 Dec > 2013 > >>> > 16:55:48 -0500 > >>> > Parents: 92aa114f859b695b82743feba122a3b27a6925a7 > >>> > Branches: master > >>> > > >>> > Link: > >>> > > http://git.php.net/?p=web/php.git;a=commitdiff;h=540872824575ecfcdf42511a7784ccbd1d3f4e13 > >>> > > >>> > Log: > >>> > Fix potential Access-Control-Allow-Origin bug in vote-note.php - Bug > >>> > #65887 > >>> > > >>> > >>> Hmmmh... I already added this to prepend.inc, which this page is > >>> including.. Is that fix not working? > >>> I think its better to fix it there then specifically for this page > only. > >>> > >>> -Hannes > >> > >> > >> > >> Apparently I did not see that. Your fix seems to be relying > >> $_SERVER["HTTP_ORIGIN"], but when the request comes from http://php.netthe > >> Access-Control-Allow-Origin response header is always 'http://', which > the > >> UA does not accept. > > > > > > Well.. That fix fixed the problem of loading javascript resources > > (such as autocopmlete) from http://www.php.net when accessing > > http://php.net > > > > So I'm uncertain what exactly you mean by "response header is always > > 'http://'" ? > > > > Duuuuude... You are totally right :) > It was broken, completely, except on dev setups where you don't use port > 80 ;) > > It is fixed now.. Can this commit be reverted now? > > -Hannes > Cool, yes I will revert this in a moment.
