PluginProbe ʕ •ᴥ•ʔ
Matomo Analytics – Powerful, Privacy-First Insights for WordPress / 5.2.0
Matomo Analytics – Powerful, Privacy-First Insights for WordPress v5.2.0
5.11.1 5.11.0 5.10.2 5.10.1 trunk 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.3.0 1.3.1 1.3.2 4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.1.0 4.1.1 4.1.2 4.1.3 4.10.0 4.11.0 4.12.0 4.13.0 4.13.2 4.13.3 4.13.4 4.13.5 4.14.0 4.14.1 4.14.2 4.15.0 4.15.1 4.15.2 4.15.3 4.2.0 4.3.0 4.3.1 4.4.1 4.4.2 4.5.0 4.6.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.10.0 5.2.0 5.2.1 5.2.2 5.3.0 5.3.1 5.3.2 5.3.3 5.6.0 5.6.1 5.7.0 5.7.1 5.8.0 5.8.1 5.8.2
matomo / app / core / API / CORSHandler.php
matomo / app / core / API Last commit date
DataTableManipulator 1 year ago ApiRenderer.php 1 year ago CORSHandler.php 1 year ago DataTableGenericFilter.php 1 year ago DataTableManipulator.php 1 year ago DataTablePostProcessor.php 1 year ago DocumentationGenerator.php 1 year ago Inconsistencies.php 2 years ago NoDefaultValue.php 2 years ago Proxy.php 1 year ago Request.php 1 year ago ResponseBuilder.php 1 year ago
CORSHandler.php
49 lines
1 <?php
2
3 /**
4 * Matomo - free/libre analytics platform
5 *
6 * @link https://matomo.org
7 * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
8 */
9 namespace Piwik\API;
10
11 use Piwik\Common;
12 use Piwik\Url;
13 class CORSHandler
14 {
15 /**
16 * @var array
17 */
18 protected $domains;
19 public function __construct()
20 {
21 $this->domains = Url::getCorsHostsFromConfig();
22 }
23 public function handle()
24 {
25 if (empty($this->domains)) {
26 return;
27 }
28 Common::sendHeader('Vary: Origin');
29 // allow Piwik to serve data to all domains
30 if (in_array("*", $this->domains)) {
31 Common::sendHeader('Access-Control-Allow-Credentials: true');
32 if (!empty($_SERVER['HTTP_ORIGIN'])) {
33 Common::sendHeader('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
34 return;
35 }
36 Common::sendHeader('Access-Control-Allow-Origin: *');
37 return;
38 }
39 // specifically allow if it is one of the allowlisted CORS domains
40 if (!empty($_SERVER['HTTP_ORIGIN'])) {
41 $origin = $_SERVER['HTTP_ORIGIN'];
42 if (in_array($origin, $this->domains, \true)) {
43 Common::sendHeader('Access-Control-Allow-Credentials: true');
44 Common::sendHeader('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
45 }
46 }
47 }
48 }
49