From 3f8a45bbbb5738430762b737123bdd1a040cfcd5 Mon Sep 17 00:00:00 2001
From: Isaac Connor <iconnor@pseudo.connortechnology.com>
Date: Wed, 2 Dec 2015 10:05:03 -0500
Subject: [PATCH] Add a function to setup CORS access headers

---
 web/includes/functions.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/web/includes/functions.php b/web/includes/functions.php
index 385ab673b..6eedf585e 100644
--- a/web/includes/functions.php
+++ b/web/includes/functions.php
@@ -94,6 +94,25 @@ function noCacheHeaders()
     header("Pragma: no-cache");         // HTTP/1.0
 }
 
+function CORSHeaders() {
+	# This just allows cross server requests with no verification.  This is ok, because we do auth later.
+	header("Access-Control-Allow-Origin: *" );
+
+	# The following is left for future reference/use.
+#$valid = false;
+#header("Access-Control-Allow-Headers: x-requested-with,x-request");
+#foreach( dbFetchAll( 'SELECT * FROM Servers' ) as $row ) {
+#$Server = new Server( $row );
+#if ( $_SERVER['HTTP_ORIGIN'] == $Server->Url() ) {
+#$valid = true;
+#header("Access-Control-Allow-Origin: " . $Server->Url() );
+#}
+#}
+#if ( ! $valid ) {
+#Warning( $_SERVER['HTTP_ORIGIN'] . " is not found in servers list." );
+#}
+}
+
 function getAuthUser( $auth )
 {
     if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" && !empty($auth) )