Skip to content

Commit

Permalink
Adjusted code style, fixed typo
Browse files Browse the repository at this point in the history
  • Loading branch information
samdark authored Apr 30, 2018
1 parent f65361e commit a1f52ef
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions framework/filters/Cors.php
Original file line number Diff line number Diff line change
Expand Up @@ -160,12 +160,12 @@ public function prepareHeaders($requestHeaders)
$responseHeaders = [];
// handle Origin
if (isset($requestHeaders['Origin'], $this->cors['Origin'])) {
if (in_array($requestHeaders['Origin'], $this->cors['Origin'])) {
if (in_array($requestHeaders['Origin'], $this->cors['Origin'], true)) {
$responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin'];
}

if (in_array('*', $this->cors['Origin'])) {
// Per CORS standard(https://fetch.spec.whatwg.org), wildcard origins shouldn't be used together with credentails.
if (in_array('*', $this->cors['Origin'], true)) {
// Per CORS standard(https://fetch.spec.whatwg.org), wildcard origins shouldn't be used together with credentials
if (isset($this->cors['Access-Control-Allow-Credentials']) && $this->cors['Access-Control-Allow-Credentials']) {
if (YII_DEBUG) {
throw new Exception("Allowing credentials for wildcard origins is insecure. Please specify more restrictive origins or set 'credentials' to false in your CORS configuration.");
Expand Down

0 comments on commit a1f52ef

Please sign in to comment.