php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-04 06:37:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Adjusted code style, fixed typo

Browse Source
This commit is contained in:
Alexander Makarov
2018-05-01 01:16:03 +03:00
committed by GitHub
parent f65361e47d
commit a1f52ef118
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
framework/filters/Cors.php
View File

@ -160,12 +160,12 @@ class Cors extends ActionFilter
$responseHeaders = [];
// handle Origin
if (isset($requestHeaders['Origin'], $this->cors['Origin'])) {
if (in_array($requestHeaders['Origin'], $this->cors['Origin'])) {
if (in_array($requestHeaders['Origin'], $this->cors['Origin'], true)) {
$responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin'];
}
if (in_array('*', $this->cors['Origin'])) {
// Per CORS standard(https://fetch.spec.whatwg.org), wildcard origins shouldn't be used together with credentails.
if (in_array('*', $this->cors['Origin'], true)) {
// Per CORS standard(https://fetch.spec.whatwg.org), wildcard origins shouldn't be used together with credentials
if (isset($this->cors['Access-Control-Allow-Credentials']) && $this->cors['Access-Control-Allow-Credentials']) {
if (YII_DEBUG) {
throw new Exception("Allowing credentials for wildcard origins is insecure. Please specify more restrictive origins or set 'credentials' to false in your CORS configuration.");