本文整理汇总了PHP中get_http_origin函数的典型用法代码示例。如果您正苦于以下问题:PHP get_http_origin函数的具体用法?PHP get_http_origin怎么用?PHP get_http_origin使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了get_http_origin函数的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: bigapp_json_send_cors_headers
function bigapp_json_send_cors_headers($value)
{
$origin = get_http_origin();
if ($origin) {
header('Access-Control-Allow-Origin: ' . esc_url_raw($origin));
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Credentials: true');
}
return $value;
}示例2: send_cors_headers
public static function send_cors_headers($headers)
{
$headers['Access-Control-Allow-Origin'] = get_http_origin();
// Can't use wildcard origin for credentials requests, instead set it to the requesting origin
$headers['Access-Control-Allow-Credentials'] = 'true';
// Access-Control headers are received during OPTIONS requests
if ('OPTIONS' == $_SERVER['REQUEST_METHOD']) {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
$headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS';
}
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
$headers['Access-Control-Allow-Headers'] = $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'];
}
}
return $headers;
}示例3: send_headers_cors
/**
* Send CORS headers to allow cross-domain API requests.
*
* You can use the `allowed_http_origins` filter to control per-origin
* access.
*
* Headers are sent only in debug mode to allow BrowserSync proxying.
*
* DO NOT USE ON LIVE SITES.
*
* @param array $headers HTTP response headers.
* @return array Filtered HTTP response headers.
*/
public function send_headers_cors($headers)
{
$origin = get_http_origin();
if (empty($origin)) {
return $headers;
}
$expose_headers = array('X-WP-Total', 'X-WP-TotalPages');
$headers['Access-Control-Allow-Origin'] = esc_url_raw(get_http_origin());
$headers['Access-Control-Allow-Credentials'] = 'true';
$headers['Access-Control-Expose-Headers'] = implode(', ', $expose_headers);
if ('OPTIONS' === $_SERVER['REQUEST_METHOD']) {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
$headers['Access-Control-Allow-Methods'] = 'POST, GET, OPTIONS, PUT, DELETE';
}
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
$headers['Access-Control-Allow-Headers'] = $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'];
}
}
return $headers;
}示例4: send_cors_headers
public function send_cors_headers()
{
$origin = get_http_origin();
$should_send_allow_origin = apply_filters('cors_should_send_allow_origin', !empty($origin));
$should_send_allow_credentials = apply_filters('cors_should_send_allow_credentials', false);
$should_send_expose_headers = apply_filters('cors_should_send_expose_headers', true);
$should_send_max_age = apply_filters('cors_should_send_max_age', false);
$should_send_allow_methods = apply_filters('cors_should_send_allow_methods', true);
$should_send_allow_headers = apply_filters('cors_should_send_allow_headers', true);
if ($should_send_allow_origin) {
$allowed_origins = apply_filters('cors_allowed_origins', array($origin));
if (in_array($origin, $allowed_origins, true)) {
header('Access-Control-Allow-Origin: ' . esc_url_raw(apply_filters('cors_allow_origin_value', $origin, $allowed_origins)));
} else {
do_action('cors_origin_disallowed', $origin, $allowed_origins);
}
}
if ($should_send_allow_credentials) {
header('Access-Control-Allow-Credentials: ' . apply_filters('cors_allow_credentials_value', 'true'));
}
if ($should_send_expose_headers) {
$exposed_headers = apply_filters('cors_exposed_headers', array('X-WP-Total', 'X-WP-TotalPages'));
header('Access-Control-Expose-Headers: ' . apply_filters('cors_expose_headers_value', implode(', ', $exposed_headers)));
}
if ($should_send_max_age) {
header('Access-Control-Max-Age: ' . apply_filters('cors_max_age_value', 600));
// Default to 10 minutes, which is the max Chrome respects
}
if ($should_send_allow_methods) {
$allowed_methods = apply_filters('cors_allowed_methods', array('POST', 'GET', 'OPTIONS', 'PUT', 'DELETE'));
header('Acess-Control-Allow-Methods: ' . apply_filters('cors_allow_methods_value', implode(', ', $allowed_methods)));
}
if ($should_send_allow_headers) {
$allowed_headers = apply_filters('cors_allowed_headers', array('Authorization'));
header('Access-Control-Allow-Headers: ' . apply_filters('cors_allow_headers_value', implode(', ', $allowed_headers)));
}
}示例5: send_origin_headers
/**
* Send Access-Control-Allow-Origin and related headers if the current request
* is from an allowed origin.
*
* If the request is an OPTIONS request, the script exits with either access
* control headers sent, or a 403 response if the origin is not allowed. For
* other request methods, you will receive a return value.
*
* @since 3.4.0
*
* @return bool|string Returns the origin URL if headers are sent. Returns false
* if headers are not sent.
*/
function send_origin_headers()
{
$origin = get_http_origin();
if (is_allowed_http_origin($origin)) {
@header('Access-Control-Allow-Origin: ' . $origin);
@header('Access-Control-Allow-Credentials: true');
if ('OPTIONS' === $_SERVER['REQUEST_METHOD']) {
exit;
}
return $origin;
}
if ('OPTIONS' === $_SERVER['REQUEST_METHOD']) {
status_header(403);
exit;
}
return false;
}示例6: rest_send_cors_headers
/**
* Sends Cross-Origin Resource Sharing headers with API requests.
*
* @since 4.4.0
*
* @param mixed $value Response data.
* @return mixed Response data.
*/
function rest_send_cors_headers($value)
{
$origin = get_http_origin();
if ($origin) {
header('Access-Control-Allow-Origin: ' . esc_url_raw($origin));
header('Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE');
header('Access-Control-Allow-Credentials: true');
header('Vary: Origin');
}
return $value;
}示例7: wp_loaded
public function wp_loaded()
{
/*
// What if something else already set some response headers?
if (function_exists('apache_response_headers')) {
$apache_response_headers = apache_response_headers();
// Do something...
}
*/
// CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
// get_http_origin() : since WP 3.4
$http_origin = function_exists('get_http_origin') ? get_http_origin() : (empty($_SERVER['HTTP_ORIGIN']) ? '' : $_SERVER['HTTP_ORIGIN']);
if (!empty($_SERVER['REQUEST_METHOD']) && 'OPTIONS' == $_SERVER['REQUEST_METHOD'] && $http_origin) {
if (in_array($http_origin, $this->allow_cors_from)) {
if (!@constant('UDRPC_DO_NOT_SEND_CORS_HEADERS')) {
header("Access-Control-Allow-Origin: {$http_origin}");
header('Access-Control-Allow-Credentials: true');
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
header('Access-Control-Allow-Methods: POST, OPTIONS');
}
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
header('Access-Control-Allow-Headers: ' . $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
}
}
die;
} elseif ($this->debug) {
$this->log('Non-allowed CORS from: ' . $http_origin);
}
// Having detected that this is a CORS request, there's nothing more to do. We return, because a different listener might pick it up, even though we didn't.
return;
}
// Silently return, rather than dying, in case another instance is able to handle this
if (empty($_POST['format']) || 1 != $_POST['format'] && 2 != $_POST['format']) {
return;
}
$format = $_POST['format'];
/*
In format 1 (legacy/obsolete), the one encrypts (the shared AES key) using one half of the key-pair, and decrypts with the other; whereas the other side of the conversation does the reverse when replying (and uses a different shared AES key). Though this is possible in RSA, this is the wrong thing to do - see https://crypto.stackexchange.com/questions/2123/rsa-encryption-with-private-key-and-decryption-with-a-public-key
In format 2, both sides have their own private and public key. The sender encrypts using the other side's public key, and decrypts using its own private key. Messages are signed (the message digest is SHA-256).
*/
// Is this for us?
if (empty($_POST['key_name']) || $_POST['key_name'] != $this->key_name_indicator) {
return;
}
// wp_unslash() does not exist until after WP 3.5
// $udrpc_message = function_exists('wp_unslash') ? wp_unslash($_POST['udrpc_message']) : stripslashes_deep($_POST['udrpc_message']);
// Data should not have any slashes - it is base64-encoded
$udrpc_message = (string) $_POST['udrpc_message'];
// Check this now, rather than allow the decrypt method to thrown an Exception
if (empty($this->key_local)) {
$this->log('no local key (format 1): cannot decrypt', 'error');
die;
}
if ($format >= 2) {
if (empty($_POST['signature'])) {
$this->log('No message signature found', 'error');
die;
}
if (!$this->key_remote) {
$this->log('No signature verification key has been set', 'error');
die;
}
if (!$this->verify_signature($udrpc_message, $_POST['signature'], $this->key_remote)) {
$this->log('Signature verification failed; discarding', 'error');
die;
}
}
try {
$udrpc_message = $this->decrypt_message($udrpc_message);
} catch (Exception $e) {
$this->log('Exception (' . get_class($e) . '): ' . $e->getMessage(), 'error');
die;
}
$udrpc_message = json_decode($udrpc_message, true);
if (empty($udrpc_message) || !is_array($udrpc_message) || empty($udrpc_message['command']) || !is_string($udrpc_message['command'])) {
$this->log('Could not decode JSON on incoming message', 'error');
die;
}
if (empty($udrpc_message['time'])) {
$this->log('No time set in incoming message', 'error');
die;
}
// Mismatch indicating a replay of the message with a different key name in the unencrypted portion?
if (empty($udrpc_message['key_name']) || $_POST['key_name'] != $udrpc_message['key_name']) {
$this->log('key_name mismatch between encrypted and unencrypted portions', 'error');
die;
}
if ($this->extra_replay_protection) {
$message_hash = $this->calculate_message_hash((string) $_POST['udrpc_message']);
if ($this->message_hash_seen($message_hash)) {
$this->log("Message dropped: apparently a replay (hash: {$message_hash})", 'error');
die;
}
}
// Do this after the extra replay protection, as that checks hashes within the maximum time window - so don't check the maximum time window until afterwards, to avoid a tiny window (race) in between.
$time_difference = absint($udrpc_message['time'] - time());
if ($time_difference > $this->maximum_replay_time_difference) {
$this->log("Time in incoming message is outside of allowed window ({$time_difference} > " . $this->maximum_replay_time_difference . ')', 'error');
die;
}
//.........这里部分代码省略.........
示例8: vp_send_cors_headers
function vp_send_cors_headers($headers)
{
$headers['Access-Control-Allow-Origin'] = get_http_origin();
$headers['Access-Control-Allow-Credentials'] = 'true';
if ('OPTIONS' == $_SERVER['REQUEST_METHOD']) {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
$headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS';
}
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
$headers['Access-Control-Allow-Headers'] = $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'];
}
}
return $headers;
}示例9: serve
function serve($exit = true)
{
ini_set('display_errors', false);
$this->exit = (bool) $exit;
// This was causing problems with Jetpack, but is necessary for wpcom
// @see https://github.com/Automattic/jetpack/pull/2603
// @see r124548-wpcom
if (defined('IS_WPCOM') && IS_WPCOM) {
add_filter('home_url', array($this, 'ensure_http_scheme_of_home_url'), 10, 3);
}
add_filter('user_can_richedit', '__return_true');
add_filter('comment_edit_pre', array($this, 'comment_edit_pre'));
$initialization = $this->initialize();
if ('OPTIONS' == $this->method) {
/**
* Fires before the page output.
* Can be used to specify custom header options.
*
* @module json-api
*
* @since 3.1.0
*/
do_action('wpcom_json_api_options');
return $this->output(200, '', 'plain/text');
}
if (is_wp_error($initialization)) {
$this->output_error($initialization);
return;
}
// Normalize path and extract API version
$this->path = untrailingslashit($this->path);
preg_match('#^/rest/v(\\d+(\\.\\d+)*)#', $this->path, $matches);
$this->path = substr($this->path, strlen($matches[0]));
$this->version = $matches[1];
$allowed_methods = array('GET', 'POST');
$four_oh_five = false;
$is_help = preg_match('#/help/?$#i', $this->path);
$matching_endpoints = array();
if ($is_help) {
$origin = get_http_origin();
if (!empty($origin) && 'GET' == $this->method) {
header('Access-Control-Allow-Origin: ' . esc_url_raw($origin));
}
$this->path = substr(rtrim($this->path, '/'), 0, -5);
// Show help for all matching endpoints regardless of method
$methods = $allowed_methods;
$find_all_matching_endpoints = true;
// How deep to truncate each endpoint's path to see if it matches this help request
$depth = substr_count($this->path, '/') + 1;
if (false !== stripos($this->accept, 'javascript') || false !== stripos($this->accept, 'json')) {
$help_content_type = 'json';
} else {
$help_content_type = 'html';
}
} else {
if (in_array($this->method, $allowed_methods)) {
// Only serve requested method
$methods = array($this->method);
$find_all_matching_endpoints = false;
} else {
// We don't allow this requested method - find matching endpoints and send 405
$methods = $allowed_methods;
$find_all_matching_endpoints = true;
$four_oh_five = true;
}
}
// Find which endpoint to serve
$found = false;
foreach ($this->endpoints as $endpoint_path_versions => $endpoints_by_method) {
$endpoint_path_versions = unserialize($endpoint_path_versions);
$endpoint_path = $endpoint_path_versions[0];
$endpoint_min_version = $endpoint_path_versions[1];
$endpoint_max_version = $endpoint_path_versions[2];
// Make sure max_version is not less than min_version
if (version_compare($endpoint_max_version, $endpoint_min_version, '<')) {
$endpoint_max_version = $endpoint_min_version;
}
foreach ($methods as $method) {
if (!isset($endpoints_by_method[$method])) {
continue;
}
// Normalize
$endpoint_path = untrailingslashit($endpoint_path);
if ($is_help) {
// Truncate path at help depth
$endpoint_path = join('/', array_slice(explode('/', $endpoint_path), 0, $depth));
}
// Generate regular expression from sprintf()
$endpoint_path_regex = str_replace(array('%s', '%d'), array('([^/?&]+)', '(\\d+)'), $endpoint_path);
if (!preg_match("#^{$endpoint_path_regex}\$#", $this->path, $path_pieces)) {
// This endpoint does not match the requested path.
continue;
}
if (version_compare($this->version, $endpoint_min_version, '<') || version_compare($this->version, $endpoint_max_version, '>')) {
// This endpoint does not match the requested version.
continue;
}
$found = true;
if ($find_all_matching_endpoints) {
$matching_endpoints[] = array($endpoints_by_method[$method], $path_pieces);
//.........这里部分代码省略.........
示例10: send_origin_headers
/**
* Send Access-Control-Allow-Origin and related headers if the current request
* is from an allowed origin.
*
* @since 3.4.0
*
* @return bool|string Returns the origin URL if headers are sent. Returns false
* if headers are not sent.
*/
function send_origin_headers()
{
$origin = get_http_origin();
if (!is_allowed_http_origin($origin)) {
return false;
}
@header('Access-Control-Allow-Origin: ' . $origin);
@header('Access-Control-Allow-Credentials: true');
return $origin;
}示例11: send_cors_headers
/**
* Allows the OAuth clients to authenticate through CORS (the WP REST API plugin doesn't allow
* the Authorization header to be sent).
*/
public function send_cors_headers()
{
$origin = get_http_origin();
if ($origin) {
header('Access-Control-Allow-Headers: Authorization');
}
}示例12: json_send_cors_headers
/**
* Send Cross-Origin Resource Sharing headers with API requests
*
* @param mixed $value Response data
* @return mixed Response data
*/
function json_send_cors_headers($value)
{
$origin = get_http_origin();
if ($origin) {
header('Access-Control-Allow-Origin: ' . esc_url_raw($origin));
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie');
header('Access-Control-Expose-Headers: x-wp-totalpages,x-wp-total');
}
return $value;
}示例13: allowThumberWebhooks
/**
* WP by default will not handle POSTs from Thumber so add a special case for the action we want to handle.
* @param $origin string Origin URL. If not provided, the value of get_http_origin() is used.
* @param $origin_arg string Unused.
*
* @return string Origin URL if allowed, empty string if not.
*/
public static function allowThumberWebhooks($origin, $origin_arg)
{
if (!$origin && isset($_REQUEST['action']) && $_REQUEST['action'] === self::ThumberAction) {
$origin = get_http_origin();
}
return $origin;
}