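// enter the origins you want allowed for cors to work
// Each entry is a full origin (scheme://host[:port]), because that is what a
// browser sends in the Origin request header; a bare host name such as
// "site1.com" can never equal it. '*' is left out on purpose: a wildcard next
// to named origins makes the named entries meaningless.
// NOTE(review): a constant or config file is a more usual home for this list
// than the session -- confirm why $_SESSION is used here.
$_SESSION['allowed_origins'] = array("https://site1.com", "https://site2.com");

/**
 * Send CORS response headers when the current request's Origin is allowed.
 *
 * A response may carry only one Access-Control-Allow-Origin value, and
 * header() replaces an earlier header of the same name by default, so
 * emitting one header per list entry leaves only the last entry in effect.
 * The request's Origin is therefore compared with the list and echoed back
 * only on an exact, case-sensitive match. Anything else ('*', bare host
 * names, unknown origins, no Origin header) gets no CORS headers, so the
 * browser blocks the cross-origin read.
 *
 * @param array $array Allowed origins, each written as scheme://host[:port].
 * @return void
 */
function setAllowedHeadersAPI($array) {
    // The response now differs per Origin; tell caches to key on it.
    // Second argument false = append to an existing Vary header, do not replace it.
    header('Vary: Origin', false);

    $requestOrigin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
    if ($requestOrigin === '' || !in_array($requestOrigin, (array) $array, true)) {
        return;
    }

    // Safe to echo back: the value is byte-identical to an allowlist entry.
    header("Access-Control-Allow-Origin: $requestOrigin");
    // Access-Control-Allow-Headers names request headers, not origins.
    // List the headers your clients actually send.
    header('Access-Control-Allow-Headers: Content-Type');
}

// call function and pass the array through it
setAllowedHeadersAPI($_SESSION['allowed_origins']);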
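// enter the origins you want allowed for cors to work
// Entries are full origins (scheme://host[:port]) so they can equal the
// browser's Origin request header; bare host names never match it. '*' is
// omitted because a wildcard defeats the point of naming origins.
$_SESSION['allowed_origins'] = array("https://site1.com", "https://site2.com");

// use this function to check the request against the list
// and enter the matching origin dynamically
/**
 * Send CORS response headers when the current request's Origin is allowed.
 *
 * Only one Access-Control-Allow-Origin value is valid per response, and
 * header() overwrites an earlier header of the same name by default, so a
 * loop over the list would leave just its last entry. The request's Origin
 * is matched exactly against the list instead; without a match no CORS
 * headers are sent and the browser blocks the cross-origin read.
 *
 * @param array $array Allowed origins, each written as scheme://host[:port].
 * @return void
 */
function setAllowedHeadersAPI($array) {
    // Response varies by Origin, so caches must key on it (false = append).
    header('Vary: Origin', false);

    $requestOrigin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
    if ($requestOrigin === '' || !in_array($requestOrigin, (array) $array, true)) {
        return;
    }

    // The echoed value is byte-identical to an allowlist entry.
    header("Access-Control-Allow-Origin: $requestOrigin");
    // This header lists request header names, not origins; adjust to
    // whatever your clients send.
    header('Access-Control-Allow-Headers: Content-Type');
}

// call function and pass the array through it
setAllowedHeadersAPI($_SESSION['allowed_origins']);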
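//Function to be called first in php file.
/**
 * Send CORS and content headers, then stop early on a preflight request.
 *
 * The request's Origin is echoed back only when it exactly matches an entry
 * in the allowlist below. Any other origin, or a request without an Origin
 * header, receives no Access-Control-* headers at all, which is enough for
 * the browser to block the cross-origin read; no placeholder origin is
 * advertised next to Access-Control-Allow-Credentials.
 *
 * @return void Does not return for OPTIONS requests (the script ends).
 */
function CORS_HEADERS_HANDLER(){
    // Exact origins allowed to read responses. Browsers serialize the host
    // part of Origin in lower case, so entries are written in lower case;
    // a mixed-case host would never match.
    $allowedOrigins = array(
        //Handle an IP address and Port
        'http://1.2.3.4:4200',
        //Handle an Website Domain (using https)
        'https://www.somesite.com',
        //Handle an Website Domain (using http)
        // NOTE(review): a plain-http origin combined with
        // Allow-Credentials: true trusts content that can be altered in
        // transit -- confirm this entry is still needed.
        'http://www.somesite.com',
    );

    // The response differs per Origin, and it is cacheable (see below), so
    // caches must key on Origin. false = append to any existing Vary header.
    header('Vary: Origin', false);

    $requestOrigin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
    if (in_array($requestOrigin, $allowedOrigins, true)) {
        // Safe to echo back: the value is byte-identical to an allowlist entry.
        header('Access-Control-Allow-Origin: ' . $requestOrigin);
        header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
        header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
        header('Access-Control-Allow-Credentials: true');
    }

    header('Content-Type: application/json; charset=utf-8');
    // NOTE(review): "public" lets shared caches store these responses. With
    // credentials allowed above, confirm no endpoint behind this handler
    // returns per-user data, or use "private" / "no-store" instead.
    header("Cache-Control: public,max-age=3600");

    //if its an options request you don't need to proceed past CORS request.
    $requestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($requestMethod === 'OPTIONS') {
        die();
    }
}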