Update index.php

2019-05-24 00:18:34 +09:00 · 2019-05-24 00:18:34 +09:00 · de87e84775
commit de87e84775
parent eb83665028
1 changed files with 24 additions and 1 deletions
--- a/index.php
+++ b/index.php
@ -9,8 +9,9 @@

 define("_DEF_VSPF_", true); // compatible to VSPF
 define("_DEF_RSF_", true); // compatible to RSF
-define("APP_DEVELOPMENT", false); // set the status of development
+define("APP_DEVELOPMENT", true); // set the status of development
 define("DOC_EOL", "\r\n"); // set the 'end of line' commonly
+define("CORS_DOMAINS", false); // allow origin domains

 // check if current status is development
 if(APP_DEVELOPMENT == true) {
@ -18,6 +19,28 @@ if(APP_DEVELOPMENT == true) {
    ini_set("display_errors", 1);
 }

+// CORS Security (https or http)
+if(CORS_DOMAINS !== false) {
+    $domains = explode(",", CORS_DOMAINS);
+    $_origin = $_SERVER['HTTP_ORIGIN'];
+    $origins = array();
+    if(!in_array("*", $domains)) {
+        foreach($domains as $domain) {
+            $origins[] = sprintf("https://%s", $domain);
+            $origins[] = sprintf("http://%s", $domain);
+        }
+        if(count($origins) > 0) {
+            if(in_array($_origin, $origins)) {
+                header(sprintf("Access-Control-Allow-Origin: %s", $_origin));
+            } else {
+                header(sprintf("Access-Control-Allow-Origin: https://%s", $origins[0])); 
+            }
+        }
+    } else {
+        header("Access-Control-Allow-Origin: *");
+    }
+}
+
 // set empty scope
 $scope = array();