2025-12-08 23:31:05 +01:00
parent 6b9587d299
commit 2a167c0c4d


@@ -97,14 +97,36 @@ class ApiKernel
$this->fail('Invalid config', 'config file not found or not returning array', 500);
}
private function cors(): void { /* ... Logik bleibt unverändert ... */
$cors = $this->conf['cors'] ?? '*';
if ($cors) {
header('Access-Control-Allow-Origin: ' . $cors);
$corsConfig = $this->conf['cors'] ?? '*';
$originHeader = $_SERVER['HTTP_ORIGIN'] ?? '';
$allowedOrigin = null;
if (is_array($corsConfig)) {
if ($originHeader && in_array($originHeader, $corsConfig, true)) {
$allowedOrigin = $originHeader;
}
} elseif (is_string($corsConfig)) {
if ($corsConfig === '*' && $originHeader !== '') {
$allowedOrigin = $originHeader;
} else {
$allowedOrigin = $corsConfig;
}
}
if ($allowedOrigin) {
header('Access-Control-Allow-Origin: ' . $allowedOrigin);
header('Vary: Origin');
header('Access-Control-Allow-Credentials: true');
} elseif ($corsConfig === '*') {
header('Access-Control-Allow-Origin: *');
}
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
header('Access-Control-Allow-Credentials: true');
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'OPTIONS') {
$this->respond(['ok' => true]);
}
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'OPTIONS') $this->respond(['ok' => true]);
if (!empty($this->conf['auth']['cookie'])) {
$c = $this->conf['auth']['cookie'];
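Review bot: With `cors` set to `'*'` (also the default when the key is missing), the string branch echoes the request's `Origin` back and the block after it adds `Access-Control-Allow-Credentials: true`, so every site may make credentialed cross-origin calls and read the replies; browsers refuse exactly this combination for a literal `*`, and reflecting the origin removes that safeguard. The cookie settings read just below suggest the API authenticates by cookie, which is the case where this matters most. Keep credentials for explicit allow-list matches only: in the string branch use `if ($corsConfig !== '*') { $allowedOrigin = $corsConfig; }`, so the wildcard falls through to the existing `header('Access-Control-Allow-Origin: *');` branch, which sends no credentials header. The page has lost its +/- markers, so please confirm that the unconditional `header('Access-Control-Allow-Credentials: true');` after the Allow-Headers line is really gone on the new side. cors() continues past the end of this hunk.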