[index] clarify CORS(the same origin) security policy #47

Closed
gnh1201 opened this issue May 23, 2019 · 3 comments
Labels
commercial will be fix in the commercial world

Comments

gnh1201 commented May 23, 2019

It solves communication errors caused by unclear CORS(the same origin) security policies.

define("CORS_DOMAINS", "exts.kr,catswords.re.kr");
// ... (omitted) ...
// CORS Security (https or http)
if(CORS_DOMAINS !== false) {
    $domains = explode(",", CORS_DOMAINS);
    // Origin is only sent by browsers on cross-origin (and some same-origin) requests;
    // guard the lookup so a request without it does not raise an undefined-index notice
    $_origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : "";
    $origins = array();
    if(!in_array("*", $domains)) {
        foreach($domains as $domain) {
            if(!empty($domain)) {
                // every listed host is accepted over either scheme
                $origins[] = sprintf("https://%s", $domain);
                $origins[] = sprintf("http://%s", $domain);
            }
        }
        if(count($origins) > 0) {
            if(in_array($_origin, $origins)) {
                header(sprintf("Access-Control-Allow-Origin: %s", $_origin));
            } else {
                // not an allowed origin: the browser rejects a value that differs from its own origin
                header(sprintf("Access-Control-Allow-Origin: %s", $origins[0])); 
            }
            // the header value depends on the request's Origin, so caches must key on it
            header("Vary: Origin");
        }
    } else {
        header("Access-Control-Allow-Origin: *");
    }
}

gnh1201 commented May 23, 2019

edited index file.

@gnh1201 gnh1201 closed this as completed May 23, 2019
@gnh1201 gnh1201 pinned this issue May 23, 2019
gnh1201 commented May 23, 2019

Added support for the wildcard

define("CORS_DOMAINS", "exts.kr,*.exts.kr,catswords.re.kr,*.catswords.re.kr");
// ... (omitted) ...
// CORS Security (https or http)
if(CORS_DOMAINS !== false) {
    $domains = explode(",", CORS_DOMAINS);
    // Origin is only sent by browsers on cross-origin (and some same-origin) requests;
    // guard the lookup so a request without it does not raise an undefined-index notice
    $_origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : "";
    $origins = array();
    if(!in_array("*", $domains)) {
        foreach($domains as $domain) {
            if(!empty($domain)) {
                if(substr($domain, 0, 2) == "*.") { // support wildcard
                    // "*.exts.kr" accepts any Origin whose raw value ends with ".exts.kr"
                    $needle = substr($domain, 1);
                    $length = strlen($needle);
                    if(substr($_origin, -$length) === $needle) {
                        $origins[] = $_origin;
                    }
                } else {
                    // every listed host is accepted over either scheme
                    $origins[] = sprintf("https://%s", $domain);
                    $origins[] = sprintf("http://%s", $domain);
                }
            }
        }
        if(count($origins) > 0) {
            if(in_array($_origin, $origins)) {
                header(sprintf("Access-Control-Allow-Origin: %s", $_origin));
            } else {
                // not an allowed origin: the browser rejects a value that differs from its own origin
                header(sprintf("Access-Control-Allow-Origin: %s", $origins[0])); 
            }
            // the header value depends on the request's Origin, so caches must key on it
            header("Vary: Origin");
        }
    } else {
        header("Access-Control-Allow-Origin: *");
    }
}

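The following is an added example and not code from this repository or its author. It reimplements the CORS_DOMAINS allow-list from the two comments above as a pure PHP function that can be unit-tested from the command line. It keeps the same list format ("exts.kr,*.exts.kr,...", with "*" meaning any origin) and, like the posted snippet, accepts both https and http unless the hypothetical $requireHttps flag is set. What it adds: the Origin header is parsed with parse_url() so scheme, host and port are compared separately instead of by raw string suffix, the literal "null" origin is never echoed back, and "Vary: Origin" is sent whenever the response echoes a request-specific origin. The function and parameter names, the self-check, and sample origins such as "exts.kr.attacker.example" are all constructed for this example.

```php
<?php
// Added example (not the gnh1201 project's code): a CORS allow-list matcher
// for the "exts.kr,*.exts.kr,..." format used in this issue.

/**
 * Return the value to send in Access-Control-Allow-Origin, or null when the
 * request origin is not on the allow-list (then send no CORS header at all).
 */
function cors_allowed_origin(string $allowList, ?string $requestOrigin, bool $requireHttps = false): ?string
{
    $entries = array_values(array_filter(array_map('trim', explode(',', $allowList))));
    if (in_array('*', $entries, true)) {
        // "*" is safe only for public, credential-free responses: browsers
        // refuse it when Access-Control-Allow-Credentials: true is also set.
        return '*';
    }
    // Browsers send "null" for sandboxed iframes, file:// pages and some
    // redirects; echoing it back would let any such page read the response.
    if ($requestOrigin === null || $requestOrigin === '' || $requestOrigin === 'null') {
        return null;
    }
    $parts = parse_url($requestOrigin);
    if ($parts === false || !isset($parts['scheme']) || !isset($parts['host'])
        || isset($parts['path']) || isset($parts['query']) || isset($parts['fragment'])
        || isset($parts['user'])) {
        return null; // an Origin is exactly scheme://host[:port]
    }
    $scheme   = strtolower($parts['scheme']);
    $host     = strtolower($parts['host']);
    $schemeOk = ($scheme === 'https') || ($scheme === 'http' && !$requireHttps);
    if (!$schemeOk) {
        return null;
    }
    foreach ($entries as $entry) {
        $entry = strtolower($entry);
        if (substr($entry, 0, 2) === '*.') {
            // Wildcard entry: the parsed host must be a proper subdomain, i.e.
            // end with ".exts.kr". The port is not part of the match (it does
            // not change who controls the name) but is still echoed unchanged.
            $suffix  = substr($entry, 1);
            $matched = strlen($host) > strlen($suffix)
                && substr($host, -strlen($suffix)) === $suffix;
        } else {
            $matched = ($host === $entry);
        }
        if ($matched) {
            // Echo the origin as the browser sent it; the browser compares the
            // header value byte-for-byte with its own serialized origin.
            return $requestOrigin;
        }
    }
    return null;
}

/** Emit the CORS response headers for the current request (call before any output). */
function send_cors_headers(string $allowList, array $server, bool $requireHttps = false): void
{
    $allowed = cors_allowed_origin($allowList, $server['HTTP_ORIGIN'] ?? null, $requireHttps);
    if ($allowed === null) {
        return; // no header at all: the browser blocks the cross-origin read
    }
    header('Access-Control-Allow-Origin: ' . $allowed);
    if ($allowed !== '*') {
        // The value depends on the request's Origin, so shared caches must
        // key on it or one origin's allow header can be served to another.
        header('Vary: Origin');
    }
}

// Self-check from the command line: php cors_allow.php
if (PHP_SAPI === 'cli') {
    $list  = 'exts.kr,*.exts.kr,catswords.re.kr,*.catswords.re.kr';
    $cases = [ // constructed sample origins => expected header value
        'https://exts.kr'                  => 'https://exts.kr',
        'http://catswords.re.kr'           => 'http://catswords.re.kr',
        'https://api.exts.kr'              => 'https://api.exts.kr',
        'https://A.B.Exts.KR:8443'         => 'https://A.B.Exts.KR:8443',
        'https://exts.kr.attacker.example' => null,
        'https://attackerexts.kr'          => null,
        'https://api.exts.kr/path'         => null,
        'null'                             => null,
        'ftp://exts.kr'                    => null,
    ];
    $failures = 0;
    foreach ($cases as $origin => $expected) {
        $got = cors_allowed_origin($list, $origin);
        $ok  = ($got === $expected);
        $failures += $ok ? 0 : 1;
        printf("%-4s %-36s => %s\n", $ok ? 'ok' : 'FAIL', $origin, var_export($got, true));
    }
    // plaintext origins are refused once $requireHttps is set
    $failures += cors_allowed_origin($list, 'http://catswords.re.kr', true) === null ? 0 : 1;
    exit($failures === 0 ? 0 : 1);
}
```

Run it with `php cors_allow.php` to see which constructed origins are accepted; in index.php you would call send_cors_headers(CORS_DOMAINS, $_SERVER) before any output. Returning null instead of a fallback origin means a disallowed request gets no Access-Control-Allow-Origin header at all, which the browser treats the same way as a mismatched one.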
@gnh1201 gnh1201 reopened this May 23, 2019
gnh1201 commented May 23, 2019

TESTED

@gnh1201 gnh1201 closed this as completed May 23, 2019
@gnh1201 gnh1201 added the commercial will be fix in the commercial world label Sep 27, 2019
@gnh1201 gnh1201 changed the title from "[index] CORS (same-origin principle) security policy clarification" (originally in Korean) to "[index] clarify CORS(the same origin) security policy" Feb 7, 2020