public/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2025-12-13 09:56:01 +00:00
Code Issues Releases Wiki Activity

fix: Only use HTTP_ORIGIN if it is sent.

Browse Source
This commit is contained in:
Paul Sütterlin
2025-07-26 01:06:24 +00:00
parent 2f1eb4b004
commit 6b8e981bdc
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
data/web/inc/functions.inc.php
View File

@@ -2211,7 +2211,7 @@ function cors($action, $data = null) {
$cors_settings['allowed_origins'] = $allowed_origins[0]; $cors_settings['allowed_origins'] = $allowed_origins[0];
if (in_array('*', $allowed_origins)){ if (in_array('*', $allowed_origins)){
$cors_settings['allowed_origins'] = '*'; $cors_settings['allowed_origins'] = '*';
} else if (in_array($_SERVER['HTTP_ORIGIN'], $allowed_origins)) { } else if (array_key_exists('HTTP_ORIGIN', $_SERVER) && in_array($_SERVER['HTTP_ORIGIN'], $allowed_origins)) {
$cors_settings['allowed_origins'] = $_SERVER['HTTP_ORIGIN']; $cors_settings['allowed_origins'] = $_SERVER['HTTP_ORIGIN'];
} }
// always allow OPTIONS for preflight request // always allow OPTIONS for preflight request