hyzen/freedoms4-backend-public
1
0
Fork 0
mirror of https://github.com/hyzendust/freedoms4-backend-public.git synced 2026-06-30 23:12:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix: cross-origin hardened

Browse Source
This commit is contained in:
hyzen
2026-06-26 12:52:08 +02:00
parent b99440ea75
commit 5029eba715
3 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
auth.php
View File

@@ -49,7 +49,7 @@ define('MAX_BODY_BYTES', 4096);
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
$allowed_origins = ['https://freedoms4.org', 'https://www.freedoms4.org'];
if ($origin && !in_array($origin, $allowed_origins, true)) {
if (!$origin || !in_array($origin, $allowed_origins, true)) {
http_response_code(403);
header('Content-Type: application/json; charset=utf-8');
echo json_encode(['success' => false, 'message' => 'Forbidden.']);