/**
 * Set the Access-Control-Allow-Origin header for a trusted Origin.
 *
 * Reads the Origin header the client sent. When the host part of that value
 * is accepted by isTrustedDomain() (the Garden.TrustedDomains list), the exact
 * Origin value is echoed back in Access-Control-Allow-Origin. A missing,
 * unparseable or untrusted Origin leaves the response headers untouched.
 *
 * NOTE(review): a response that echoes the request Origin is normally paired
 * with `Vary: Origin` so a shared cache cannot serve it to a different origin;
 * confirm whether sendHeaders() already emits that header.
 */
protected function setAccessControl() {
    $requestOrigin = Gdn::request()->getValueFrom(Gdn_Request::INPUT_SERVER, 'HTTP_ORIGIN', false);
    if (!$requestOrigin) {
        // No Origin header: not a cross-origin request, nothing to allow.
        return;
    }

    $originHostName = parse_url($requestOrigin, PHP_URL_HOST);
    if (!$originHostName) {
        // parse_url() returned false/null — the Origin is not a usable URL.
        return;
    }

    if (isTrustedDomain($originHostName)) {
        // Echo the verified Origin (not "*") so credentials stay usable.
        $this->setHeader('Access-Control-Allow-Origin', $requestOrigin);
    }
}
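/**
 * Defines & retrieves the view and master view. Renders all content within
 * them to the screen.
 *
 * For JSON delivery the method encodes the response, optionally wraps it as a
 * JSONP call, and terminates the script with exit(); for every other delivery
 * method it echoes or renders the view and returns normally.
 *
 * @param string $View The view name (or, for some delivery types, the rendered content).
 * @param string|false $ControllerName Controller whose view folder is searched; false for the current one.
 * @param string|false $ApplicationFolder Application folder searched for the view; false for the current one.
 * @param string $AssetName The name of the asset container that the content should be rendered in.
 */
public function xRender($View = '', $ControllerName = false, $ApplicationFolder = false, $AssetName = 'Content') {
    // Remove the deliver type and method from the query string so they don't corrupt calls to Url.
    $this->Request->setValueOn(Gdn_Request::INPUT_GET, 'DeliveryType', null);
    $this->Request->setValueOn(Gdn_Request::INPUT_GET, 'DeliveryMethod', null);

    Gdn::pluginManager()->callEventHandlers($this, $this->ClassName, $this->RequestMethod, 'Render');

    if ($this->_DeliveryType == DELIVERY_TYPE_NONE) {
        return;
    }

    // Handle deprecated StatusMessage values that may have been added by plugins
    $this->informMessage($this->StatusMessage);

    // If there were uncontrolled errors above the json data, wipe them out
    // before fetching it (otherwise the json will not be properly parsed
    // by javascript).
    if ($this->_DeliveryMethod == DELIVERY_METHOD_JSON) {
        if (ob_get_level()) {
            ob_clean();
        }
        $this->contentType('application/json; charset=' . c('Garden.Charset', 'utf-8'));
        $this->setHeader('X-Content-Type-Options', 'nosniff');

        // Cross-Origin Resource Sharing (CORS): if the client sent an Origin
        // whose host is in Garden.TrustedDomains, echo it back in
        // Access-Control-Allow-Origin. The verification lives in
        // setAccessControl() so the trust check is not duplicated here.
        $this->setAccessControl();
    }

    if ($this->_DeliveryMethod == DELIVERY_METHOD_TEXT) {
        $this->contentType('text/plain');
    }

    // Send headers to the browser
    $this->sendHeaders();

    // Make sure to clear out the content asset collection if this is a syndication request
    if ($this->SyndicationMethod !== SYNDICATION_NONE) {
        $this->Assets['Content'] = '';
    }

    // Define the view
    if (!in_array($this->_DeliveryType, array(DELIVERY_TYPE_BOOL, DELIVERY_TYPE_DATA))) {
        $View = $this->fetchView($View, $ControllerName, $ApplicationFolder);
        // Add the view to the asset container if necessary
        if ($this->_DeliveryType != DELIVERY_TYPE_VIEW) {
            $this->addAsset($AssetName, $View, 'Content');
        }
    }

    // Redefine the view as the entire asset contents if necessary
    if ($this->_DeliveryType == DELIVERY_TYPE_ASSET) {
        $View = $this->getAsset($AssetName);
    } elseif ($this->_DeliveryType == DELIVERY_TYPE_BOOL) {
        // Or as a boolean if necessary
        $View = true;
        if (property_exists($this, 'Form') && is_object($this->Form)) {
            $View = $this->Form->errorCount() > 0 ? false : true;
        }
    }

    if ($this->_DeliveryType == DELIVERY_TYPE_MESSAGE && $this->Form) {
        $View = $this->Form->errors();
    }

    if ($this->_DeliveryType == DELIVERY_TYPE_DATA) {
        $ExitRender = $this->renderData();
        if ($ExitRender) {
            return;
        }
    }

    if ($this->_DeliveryMethod == DELIVERY_METHOD_JSON) {
        // Format the view as JSON with some extra information about the
        // success status of the form so that jQuery knows what to do
        // with the result.
        if ($this->_FormSaved === '') { // Allow for override
            $this->_FormSaved = property_exists($this, 'Form') && $this->Form->errorCount() == 0 ? true : false;
        }

        $this->setJson('FormSaved', $this->_FormSaved);
        $this->setJson('DeliveryType', $this->_DeliveryType);
        $this->setJson('Data', base64_encode($View instanceof Gdn_IModule ? $View->toString() : $View));
        $this->setJson('InformMessages', $this->_InformMessages);
        $this->setJson('ErrorMessages', $this->_ErrorMessages);
        $this->setJson('RedirectUrl', $this->RedirectUrl);

        // Make sure the database connection is closed before exiting.
        $this->finalize();

        // NOTE(review): utf8_encode() is deprecated as of PHP 8.2; kept here
        // because the file's minimum PHP version is not visible from this block.
        if (!check_utf8($this->_Json['Data'])) {
            $this->_Json['Data'] = utf8_encode($this->_Json['Data']);
        }

        // NOTE(review): json_encode() returns false on failure and that case is
        // not handled here (the original behaviour is preserved).
        $Json = json_encode($this->_Json);

        // Check for jsonp call. The callback name comes straight from the
        // request, so it is only used when it is a plain JavaScript identifier
        // path (e.g. "cb" or "ns.cb"); any other value would be reflected as
        // arbitrary script in front of the JSON body.
        $Callback = $this->Request->get('callback', false);
        if ($Callback && $this->allowJSONP() && $this->isSafeJsonpCallback($Callback)) {
            $Json = $Callback . '(' . $Json . ')';
        }

        $this->_Json['Data'] = $Json;
        exit($this->_Json['Data']);
    } else {
        if (count($this->_InformMessages) > 0 && $this->SyndicationMethod === SYNDICATION_NONE) {
            $this->addDefinition('InformMessageStack', base64_encode(json_encode($this->_InformMessages)));
        }

        if ($this->RedirectUrl != '' && $this->SyndicationMethod === SYNDICATION_NONE) {
            $this->addDefinition('RedirectUrl', $this->RedirectUrl);
        }

        if ($this->_DeliveryMethod == DELIVERY_METHOD_XHTML && debug()) {
            $this->addModule('TraceModule');
        }

        // Render
        if ($this->_DeliveryType == DELIVERY_TYPE_BOOL) {
            echo $View ? 'TRUE' : 'FALSE';
        } elseif ($this->_DeliveryType == DELIVERY_TYPE_ALL) {
            // Render
            $this->renderMaster();
        } else {
            if ($View instanceof Gdn_IModule) {
                $View->render();
            } else {
                echo $View;
            }
        }
    }
}

/**
 * Decide whether a JSONP callback name may be echoed into the response body.
 *
 * Accepts only a dotted chain of JavaScript identifiers made of ASCII letters,
 * digits, "_" and "$" (no whitespace, brackets, quotes or operators). Anything
 * else — including non-string values — is rejected and the response is sent
 * as plain JSON.
 *
 * @param mixed $Callback The raw "callback" request parameter.
 * @return bool True when the value is a safe identifier path.
 */
private function isSafeJsonpCallback($Callback) {
    if (!is_string($Callback)) {
        return false;
    }

    return preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$/', $Callback) === 1;
}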