PluginProbe ʕ •ᴥ•ʔ
Matomo Analytics – Powerful, Privacy-First Insights for WordPress / trunk
Matomo Analytics – Powerful, Privacy-First Insights for WordPress vtrunk
5.11.1 5.11.0 5.10.2 5.10.1 trunk 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.1.0 1.1.1 1.1.2 1.1.3 1.2.0 1.3.0 1.3.1 1.3.2 4.0.0 4.0.1 4.0.2 4.0.3 4.0.4 4.1.0 4.1.1 4.1.2 4.1.3 4.10.0 4.11.0 4.12.0 4.13.0 4.13.2 4.13.3 4.13.4 4.13.5 4.14.0 4.14.1 4.14.2 4.15.0 4.15.1 4.15.2 4.15.3 4.2.0 4.3.0 4.3.1 4.4.1 4.4.2 4.5.0 4.6.0 5.0.1 5.0.2 5.0.3 5.0.4 5.0.5 5.0.6 5.0.7 5.0.8 5.1.0 5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.10.0 5.2.0 5.2.1 5.2.2 5.3.0 5.3.1 5.3.2 5.3.3 5.6.0 5.6.1 5.7.0 5.7.1 5.8.0 5.8.1 5.8.2
matomo / app / core / API / CORSHandler.php
matomo / app / core / API Last commit date
DataTableManipulator 1 month ago ApiRenderer.php 3 months ago CORSHandler.php 1 year ago DataTableGenericFilter.php 1 month ago DataTableManipulator.php 1 month ago DataTablePostProcessor.php 1 month ago DocumentationGenerator.php 6 months ago Inconsistencies.php 2 years ago NoDefaultValue.php 2 years ago Proxy.php 1 month ago Request.php 1 month ago ResponseBuilder.php 1 month ago
CORSHandler.php
49 lines
1 <?php
2
3 /**
4 * Matomo - free/libre analytics platform
5 *
6 * @link https://matomo.org
7 * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
8 */
9 namespace Piwik\API;
10
11 use Piwik\Common;
12 use Piwik\Url;
13 class CORSHandler
14 {
15 /**
16 * @var array
17 */
18 protected $domains;
19 public function __construct()
20 {
21 $this->domains = Url::getCorsHostsFromConfig();
22 }
23 public function handle()
24 {
25 if (empty($this->domains)) {
26 return;
27 }
28 Common::sendHeader('Vary: Origin');
29 // allow Piwik to serve data to all domains
30 if (in_array("*", $this->domains)) {
31 Common::sendHeader('Access-Control-Allow-Credentials: true');
32 if (!empty($_SERVER['HTTP_ORIGIN'])) {
33 Common::sendHeader('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
34 return;
35 }
36 Common::sendHeader('Access-Control-Allow-Origin: *');
37 return;
38 }
39 // specifically allow if it is one of the allowlisted CORS domains
40 if (!empty($_SERVER['HTTP_ORIGIN'])) {
41 $origin = $_SERVER['HTTP_ORIGIN'];
42 if (in_array($origin, $this->domains, \true)) {
43 Common::sendHeader('Access-Control-Allow-Credentials: true');
44 Common::sendHeader('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
45 }
46 }
47 }
48 }
49