ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

put back CORS validity checking code

pull/1207/head
Isaac Connor 2015-12-02 10:12:20 -05:00
parent 644080fd41
commit 62adb756a9
1 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
web/includes/functions.php
View File

@ -95,22 +95,20 @@ function noCacheHeaders()
}
function CORSHeaders() {
# This just allows cross server requests with no verification. This is ok, because we do auth later.
header("Access-Control-Allow-Origin: *" );
# The following is left for future reference/use.
#$valid = false;
#header("Access-Control-Allow-Headers: x-requested-with,x-request");
#foreach( dbFetchAll( 'SELECT * FROM Servers' ) as $row ) {
#$Server = new Server( $row );
#if ( $_SERVER['HTTP_ORIGIN'] == $Server->Url() ) {
#$valid = true;
#header("Access-Control-Allow-Origin: " . $Server->Url() );
#}
#}
#if ( ! $valid ) {
#Warning( $_SERVER['HTTP_ORIGIN'] . " is not found in servers list." );
#}
$valid = false;
foreach( dbFetchAll( 'SELECT * FROM Servers' ) as $row ) {
$Server = new Server( $row );
if ( $_SERVER['HTTP_ORIGIN'] == $Server->Url() ) {
$valid = true;
header("Access-Control-Allow-Origin: " . $Server->Url() );
header("Access-Control-Allow-Headers: x-requested-with,x-request");
}
}
if ( ! $valid ) {
Warning( $_SERVER['HTTP_ORIGIN'] . " is not found in servers list." );
}
}
function getAuthUser( $auth )