Skip to content

Commit

Permalink
#149 preview: disallow by default
Browse files Browse the repository at this point in the history
  • Loading branch information
@pbek
pbek committed Jan 17, 2024
1 parent 629e4b3 commit daf5bb6
Showing 1 changed file with 3 additions and 5 deletions.
8 changes: 3 additions & 5 deletions lib/Controller/PreviewController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,11 +65,9 @@ public function getPreviewByFileId(
*/
public function preflightedCors()
{
if (isset($this->request->server['HTTP_ORIGIN'])) {
$origin = $this->request->server['HTTP_ORIGIN'];
} else {
$origin = '*';
}
// Disallow by default
// "null" is not advised to be used as an origin
$origin = $this->request->server['HTTP_ORIGIN'] ?? '';

$response = new Response();
$response->addHeader('Access-Control-Allow-Origin', $origin);
Expand Down

0 comments on commit daf5bb6

Please sign in to comment.