ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

put back CORS validity checking code

pull/1207/head
Isaac Connor 2015-12-02 10:12:20 -05:00
parent 644080fd41
commit 62adb756a9
1 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
web/includes/functions.php
View File

@ -95,22 +95,20 @@ function noCacheHeaders()
} }
function CORSHeaders() { function CORSHeaders() {
# This just allows cross server requests with no verification. This is ok, because we do auth later.
header("Access-Control-Allow-Origin: *" );
# The following is left for future reference/use. # The following is left for future reference/use.
#$valid = false; $valid = false;
#header("Access-Control-Allow-Headers: x-requested-with,x-request"); foreach( dbFetchAll( 'SELECT * FROM Servers' ) as $row ) {
#foreach( dbFetchAll( 'SELECT * FROM Servers' ) as $row ) { $Server = new Server( $row );
#$Server = new Server( $row ); if ( $_SERVER['HTTP_ORIGIN'] == $Server->Url() ) {
#if ( $_SERVER['HTTP_ORIGIN'] == $Server->Url() ) { $valid = true;
#$valid = true; header("Access-Control-Allow-Origin: " . $Server->Url() );
#header("Access-Control-Allow-Origin: " . $Server->Url() ); header("Access-Control-Allow-Headers: x-requested-with,x-request");
#} }
#} }
#if ( ! $valid ) { if ( ! $valid ) {
#Warning( $_SERVER['HTTP_ORIGIN'] . " is not found in servers list." ); Warning( $_SERVER['HTTP_ORIGIN'] . " is not found in servers list." );
#} }
} }
function getAuthUser( $auth ) function getAuthUser( $auth )