Added cors headers for website support

Rabbit-Company · May 21, 2021 · 03ea50f · 03ea50f
1 parent 513086b
commit 03ea50f
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 21 deletions.
diff --git a/php/Database.php b/php/Database.php
@@ -36,26 +36,16 @@ public static function getUserIpAddress() : string {
     public static function userSentToManyRequests(string $action) : bool{
         $timer = 0;
 
-        switch($action){
-            case 'createAccount':
-                $timer = Settings::$limiter_createAccount;
-            break;
-            case 'getPasswords':
-                $timer = Settings::$limiter_getPasswords;
-            break;
-            case 'savePassword':
-                $timer = Settings::$limiter_savePassword;
-            break;
-            case 'editPassword':
-                $timer = Settings::$limiter_editPassword;
-            break;
-            case 'deletePassword':
-                $timer = Settings::$limiter_deletePassword;
-            break;
-            case 'deleteAccount':
-                $timer = Settings::$limiter_deleteAccount;
-            break;
-        }
+        $timerOptions = [
+            'createAccount' => Settings::$limiter_createAccount,
+            'getPasswords' => Settings::$limiter_getPasswords,
+            'savePassword' => Settings::$limiter_savePassword,
+            'editPassword' => Settings::$limiter_editPassword,
+            'deletePassword' => Settings::$limiter_deletePassword,
+            'deleteAccount' => Settings::$limiter_deleteAccount
+        ];
+
+        $timer = $timerOptions[$action];
 
         $ips_array = json_decode(file_get_contents('ips.json'), true);
 

diff --git a/php/index.php b/php/index.php
@@ -1,4 +1,17 @@
 <?php
+
+if (isset($_SERVER['HTTP_ORIGIN'])) {
+	header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+	header('Access-Control-Allow-Credentials: true');
+	header('Access-Control-Max-Age: 86400');
+}
+
+if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+	if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         
+	if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
+	exit(0);
+}
+
 require_once "Display.php";
 require_once "Database.php";
 require_once "Settings.php";
@@ -9,7 +22,7 @@
 }
 
 switch($_GET['action']){
-    case "createAccount":
+	case "createAccount":
 		if(Database::userSentToManyRequests('createAccount')){
 			echo Display::json(429);
 			return;