octicon-mirror(24/)
php/yii2
octicon-rss(16/)
1
0
octicon-repo-forked(16/)Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-10 23:50:38 +08:00
octicon-code(16/) Code octicon-issue-opened(16/) Issues octicon-package(16/) Packages octicon-project(16/) Projects octicon-tag(16/) Releases octicon-book(16/) Wiki octicon-pulse(16/) Activity

Adjusted code style, fixed typo

Browse Source
This commit is contained in:
octicon-git-branch(16/)
octicon-tag(16/)
Alexander Makarov
2018-05-01 01:16:03 +03:00
committed by GitHub
gitea-unlock(16/)
parent f65361e47d
commit a1f52ef118
octicon-diff(16/tw-mr-1) 1 changed files with 3 additions and 3 deletions
gitea-whitespace(16/)
gitea-join(16/)
octicon-kebab-horizontal(16/)
Download Patch File Download Diff File Expand all files Collapse all files

6
framework/filters/Cors.php
View File

@@ -160,12 +160,12 @@ class Cors extends ActionFilter
$responseHeaders = []; $responseHeaders = [];
// handle Origin // handle Origin
if (isset($requestHeaders['Origin'], $this->cors['Origin'])) { if (isset($requestHeaders['Origin'], $this->cors['Origin'])) {
if (in_array($requestHeaders['Origin'], $this->cors['Origin'])) { if (in_array($requestHeaders['Origin'], $this->cors['Origin'], true)) {
$responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin']; $responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin'];
} }
if (in_array('*', $this->cors['Origin'])) { if (in_array('*', $this->cors['Origin'], true)) {
// Per CORS standard(https://fetch.spec.whatwg.org), wildcard origins shouldn't be used together with credentails. // Per CORS standard(https://fetch.spec.whatwg.org), wildcard origins shouldn't be used together with credentials
if (isset($this->cors['Access-Control-Allow-Credentials']) && $this->cors['Access-Control-Allow-Credentials']) { if (isset($this->cors['Access-Control-Allow-Credentials']) && $this->cors['Access-Control-Allow-Credentials']) {
if (YII_DEBUG) { if (YII_DEBUG) {
throw new Exception("Allowing credentials for wildcard origins is insecure. Please specify more restrictive origins or set 'credentials' to false in your CORS configuration."); throw new Exception("Allowing credentials for wildcard origins is insecure. Please specify more restrictive origins or set 'credentials' to false in your CORS configuration.");