From 23364cfc55d463265466a3b8ec581b71ee7962bb Mon Sep 17 00:00:00 2001
From: Adyanth H <33192449+adyanth@users.noreply.github.com>
Date: Mon, 7 Jun 2021 16:19:04 +0530
Subject: [PATCH 1/2] Adding CORS support via environment variable
Signed-off-by: Adyanth H <33192449+adyanth@users.noreply.github.com>
---
 scripts/pi-hole/php/auth.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/scripts/pi-hole/php/auth.php b/scripts/pi-hole/php/auth.php
index 21a25c460..6181f85fe 100644
--- a/scripts/pi-hole/php/auth.php
+++ b/scripts/pi-hole/php/auth.php
@@ -47,7 +47,12 @@ function check_cors() {
 $virtual_host = getenv('VIRTUAL_HOST');
 if (! empty($virtual_host))
 array_push($AUTHORIZED_HOSTNAMES, $virtual_host);
-
+
+ # Allow user set CORS
+ $cors_hosts = getenv('CORS_HOSTS');
+ if (! empty($cors_hosts))
+ array_push($AUTHORIZED_HOSTNAMES, ...explode(",", $cors_hosts));
+
 // Since the Host header is easily manipulated, we can only check if it's wrong and can't use it
 // to validate that the client is authorized, only unauthorized.
 $server_host = $_SERVER['HTTP_HOST'];
From 5331620b71de36fcdeadefc5c163b90f09ed4ac7 Mon Sep 17 00:00:00 2001
From: Adyanth H <33192449+adyanth@users.noreply.github.com>
Date: Wed, 16 Jun 2021 10:42:13 +0530
Subject: [PATCH 2/2] Change tabs to spaces
Signed-off-by: Adyanth H <33192449+adyanth@users.noreply.github.com>
---
 scripts/pi-hole/php/auth.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/pi-hole/php/auth.php b/scripts/pi-hole/php/auth.php
index 6181f85fe..83e519958 100644
--- a/scripts/pi-hole/php/auth.php
+++ b/scripts/pi-hole/php/auth.php
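Review bot: In the first patch's hunk, `explode(",", $cors_hosts)` pushes every comma-separated piece into `$AUTHORIZED_HOSTNAMES` verbatim, so a value such as `a.example, b.example` adds ` b.example` with a leading space (which can never match a real host) and a trailing or doubled comma adds an empty string to an access-control allow list. Trim and drop empty entries before merging, e.g. `$AUTHORIZED_HOSTNAMES = array_merge($AUTHORIZED_HOSTNAMES, array_filter(array_map('trim', explode(',', $cors_hosts)), 'strlen'));`. Judging by the Host-header comment directly below, this is presumably the same list used for the Host check, so each `CORS_HOSTS` entry would widen both the accepted Host and the accepted Origin; the `# Allow user set CORS` comment should say that and state the expected format (bare hostnames, comma-separated). `check_cors()` starts and continues outside this hunk, so how the list is compared is not visible here.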
@@ -47,12 +47,12 @@ function check_cors() {
 $virtual_host = getenv('VIRTUAL_HOST');
 if (! empty($virtual_host))
 array_push($AUTHORIZED_HOSTNAMES, $virtual_host);
-
- # Allow user set CORS
+
+ # Allow user set CORS
 $cors_hosts = getenv('CORS_HOSTS');
 if (! empty($cors_hosts))
 array_push($AUTHORIZED_HOSTNAMES, ...explode(",", $cors_hosts));
-
+
 // Since the Host header is easily manipulated, we can only check if it's wrong and can't use it
 // to validate that the client is authorized, only unauthorized.
 $server_host = $_SERVER['HTTP_HOST'];