do not enforce allowed origins on localhost
JohnRDOrazio committed Dec 2, 2024
1 parent b3f4fec commit 301e4cf
Showing 1 changed file with 53 additions and 6 deletions.
59 changes: 53 additions & 6 deletions src/Router.php
Expand Up @@ -81,6 +81,11 @@ private static function buildRequestPathParts(): array
return explode('/', $requestPath);
}

/**
* Returns true if the server is running on localhost.
*
* @return bool true if the server is running on localhost, false otherwise
*/
public static function isLocalhost(): bool
{
$localhostAddresses = ['127.0.0.1', '::1'];
Expand Down Expand Up @@ -136,7 +141,10 @@ public static function route(): void
RequestMethod::DELETE,
RequestMethod::OPTIONS
]);
if (in_array(Tests::$Core->getRequestMethod(), [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)) {
if (
in_array(Tests::$Core->getRequestMethod(), [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)
&& false === Router::isLocalhost()
) {
Tests::$Core->setAllowedOrigins(self::$allowedOrigins);
}
Tests::$Core->setAllowedRequestContentTypes([ RequestContentType::JSON ]);
Expand All @@ -146,7 +154,18 @@ public static function route(): void
case 'events':
$Events = new Events();
Events::$Core->setAllowedRequestMethods([ RequestMethod::GET, RequestMethod::POST, RequestMethod::OPTIONS ]);
if (in_array(Events::$Core->getRequestMethod(), [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)) {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
if (
in_array($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'], [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)
&& false === Router::isLocalhost()
) {
Events::$Core->setAllowedOrigins(self::$allowedOrigins);
}
}
if (
in_array(Events::$Core->getRequestMethod(), [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)
&& false === Router::isLocalhost()
) {
Events::$Core->setAllowedOrigins(self::$allowedOrigins);
}
Events::$Core->setAllowedRequestContentTypes([ RequestContentType::JSON, RequestContentType::FORMDATA ]);
Expand All @@ -164,11 +183,17 @@ public static function route(): void
RequestMethod::OPTIONS
]);
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
if (in_array($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'], [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)) {
if (
in_array($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'], [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)
&& false === Router::isLocalhost()
) {
RegionalData::$Core->setAllowedOrigins(self::$allowedOrigins);
}
}
if (in_array(RegionalData::$Core->getRequestMethod(), [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)) {
if (
in_array(RegionalData::$Core->getRequestMethod(), [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)
&& false === Router::isLocalhost()
) {
RegionalData::$Core->setAllowedOrigins(self::$allowedOrigins);
}
RegionalData::$Core->setAllowedRequestContentTypes([
Expand All @@ -192,7 +217,18 @@ public static function route(): void
RequestMethod::DELETE,
RequestMethod::OPTIONS
]);
if (in_array(Missals::$Core->getRequestMethod(), [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)) {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
if (
in_array($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'], [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)
&& false === Router::isLocalhost()
) {
Missals::$Core->setAllowedOrigins(self::$allowedOrigins);
}
}
if (
in_array(Missals::$Core->getRequestMethod(), [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)
&& false === Router::isLocalhost()
) {
Missals::$Core->setAllowedOrigins(self::$allowedOrigins);
}
Missals::$Core->setAllowedRequestContentTypes([ RequestContentType::JSON, RequestContentType::YAML, RequestContentType::FORMDATA ]);
Expand All @@ -215,7 +251,18 @@ public static function route(): void
RequestMethod::DELETE,
RequestMethod::OPTIONS
]);
if (in_array(Decrees::$Core->getRequestMethod(), [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)) {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
if (
in_array($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'], [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)
&& false === Router::isLocalhost()
) {
Decrees::$Core->setAllowedOrigins(self::$allowedOrigins);
}
}
if (
in_array(Decrees::$Core->getRequestMethod(), [ RequestMethod::PUT, RequestMethod::PATCH, RequestMethod::DELETE ], true)
&& false === Router::isLocalhost()
) {
Decrees::$Core->setAllowedOrigins(self::$allowedOrigins);
}
Decrees::$Core->setAllowedRequestContentTypes([ RequestContentType::JSON, RequestContentType::YAML, RequestContentType::FORMDATA ]);
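Review bot: Skipping `setAllowedOrigins()` whenever `Router::isLocalhost()` is true makes the origin allow-list for PUT/PATCH/DELETE depend on address detection alone, and the same guard is now repeated in every route case (`Tests`, `Events`, `RegionalData`, `Missals`, `Decrees`). Only the first line of `isLocalhost()` is visible in the hunk (`$localhostAddresses = ['127.0.0.1', '::1'];`) and `route()` starts and ends outside these hunks, so which `$_SERVER` value is compared is not shown; if it is the peer address, a deployment behind a reverse proxy on the same host would presumably match on every request, and if it is derived from the Host header the value is client-supplied. Even on a genuine development machine, a page open in the developer's browser can send cross-origin write requests to a loopback API, so the allow-list still has value there. I would require an explicit opt-in alongside the address check, for example `&& false === (Router::isLocalhost() && self::$skipOriginCheck)`, where `$skipOriginCheck` is a placeholder for a flag set only in development configuration. The repeated condition would also be better folded into one private helper, so the policy is defined in a single place.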