PluginProbe ʕ •ᴥ•ʔ
Matomo Analytics – Powerful, Privacy-First Insights for WordPress / 1.3.1
Matomo Analytics – Powerful, Privacy-First Insights for WordPress v1.3.1
5.11.1 5.11.0 5.10.2 5.10.1 trunk 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.3.0 1.3.1 1.3.2 4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.1.0 4.1.1 4.1.2 4.1.3 4.10.0 4.11.0 4.12.0 4.13.0 4.13.2 4.13.3 4.13.4 4.13.5 4.14.0 4.14.1 4.14.2 4.15.0 4.15.1 4.15.2 4.15.3 4.2.0 4.3.0 4.3.1 4.4.1 4.4.2 4.5.0 4.6.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.10.0 5.2.0 5.2.1 5.2.2 5.3.0 5.3.1 5.3.2 5.3.3 5.6.0 5.6.1 5.7.0 5.7.1 5.8.0 5.8.1 5.8.2
matomo / app / core / API / CORSHandler.php
matomo / app / core / API Last commit date
DataTableManipulator 6 years ago ApiRenderer.php 6 years ago CORSHandler.php 6 years ago DataTableGenericFilter.php 6 years ago DataTableManipulator.php 6 years ago DataTablePostProcessor.php 6 years ago DocumentationGenerator.php 6 years ago Inconsistencies.php 6 years ago Proxy.php 6 years ago Request.php 6 years ago ResponseBuilder.php 6 years ago
CORSHandler.php
58 lines
1 <?php
2 /**
3 * Piwik - free/libre analytics platform
4 *
5 * @link https://matomo.org
6 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
7 *
8 */
9 namespace Piwik\API;
10
11 use Piwik\Common;
12 use Piwik\Url;
13
14 class CORSHandler
15 {
16 /**
17 * @var array
18 */
19 protected $domains;
20
21 public function __construct()
22 {
23 $this->domains = Url::getCorsHostsFromConfig();
24 }
25
26 public function handle()
27 {
28 if (empty($this->domains)) {
29 return;
30 }
31
32 Common::sendHeader('Vary: Origin');
33
34 // allow Piwik to serve data to all domains
35 if (in_array("*", $this->domains)) {
36
37 Common::sendHeader('Access-Control-Allow-Credentials: true');
38
39 if (!empty($_SERVER['HTTP_ORIGIN'])) {
40 Common::sendHeader('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
41 return;
42 }
43
44 Common::sendHeader('Access-Control-Allow-Origin: *');
45 return;
46 }
47
48 // specifically allow if it is one of the whitelisted CORS domains
49 if (!empty($_SERVER['HTTP_ORIGIN'])) {
50 $origin = $_SERVER['HTTP_ORIGIN'];
51 if (in_array($origin, $this->domains, true)) {
52 Common::sendHeader('Access-Control-Allow-Credentials: true');
53 Common::sendHeader('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
54 }
55 }
56 }
57 }
58