crm.fsf.org/20131203/files/sites/all/modules-old/cors/cors.module~

   1 <?php
   2
   3 /**
   4  * @file
   5  * Allows Cross-origin resource sharing.
   6  */
   7
   8 /**
   9  * Implements hook_menu().
  10  */
  11 function cors_menu() {
  12   $items = array();
  13
  14   $items['admin/config/services/cors'] = array(
  15     'title' => 'CORS',
  16     'description' => 'Enable Cross-origin resource sharing',
  17     'page callback' => 'drupal_get_form',
  18     'page arguments' => array('cors_admin_form'),
  19     'access arguments' => array('administer site configuration'),
  20   );
  21
  22   return $items;
  23 }
  24
  25 /**
  26  * CORS admin configuration form.
  27  */
  28 function cors_admin_form($form, &$form_state) {
  29   $form = array();
  30
  31   $cors_domains = '';
  32   foreach (variable_get('cors_domains', array()) as $path => $domain) {
  33     $cors_domains .= $path . '|' . $domain . "\n";
  34   }
  35
  36   $form['cors_domains'] = array(
  37     '#type' => 'textarea',
  38     '#title' => t('Domains'),
  39     '#description' => t('A list of paths and corresponding domains to enable for CORS. Multiple entries should be separated by a comma. Enter one value per line separated by a pipe, in this order:
  40    <ul>
  41      <li>Internal path</li>
  42      <li>Access-Control-Allow-Origin. Use &lt;mirror&gt; to echo back the Origin header.</li>
  43      <li>Access-Control-Allow-Methods</li>
  44      <li>Access-Control-Allow-Headers</li>
  45      <li>Access-Control-Allow-Credentials</li>
  46     </ul>
  47     Examples:
  48     <ul>
  49       <li>*|http://example.com</li>
  50       <li>api|http://example.com:8080 http://example.com</li>
  51       <li>api/*|&lt;mirror&gt;,https://example.com</li>
  52       <li>api/*|&lt;mirror&gt;|POST|Content-Type,Authorization|true</li>
  53     </ul>'),
  54     '#default_value' => $cors_domains,
  55     '#rows' => 10,
  56   );
  57
  58   $form['submit'] = array(
  59     '#type' => 'submit',
  60     '#value' => t('Save configuration'),
  61   );
  62
  63   return $form;
  64 }
  65
  66 /**
  67  * CORS admin configuration form submit.
  68  */
  69 function cors_admin_form_submit($form, &$form_state) {
  70   $domains = explode("\n", $form_state['values']['cors_domains'], 2);
  71   $settings = array();
  72   foreach ($domains as $domain) {
  73     $domain = explode("|", $domain, 2);
  74     if (count($domain) === 2) {
  75       $settings[$domain[0]] = (isset($settings[$domain[0]])) ? $settings[$domain[0]] . ' ' : '';
  76       $settings[$domain[0]] .= trim($domain[1]);
  77     }
  78   }
  79
  80   variable_set('cors_domains', $settings);
  81 }
  82
  83 /**
  84  * Implements hook_init().
  85  */
  86 function cors_init() {
  87   $domains = variable_get('cors_domains', array());
  88   $current_path = drupal_strtolower(drupal_get_path_alias($_GET['q']));
  89   $request_headers = getallheaders();
  90   $headers = array(
  91     'all' => array(
  92       'Access-Control-Allow-Origin' => array(),
  93       'Access-Control-Allow-Credentials' => array(),
  94     ),
  95     'OPTIONS' => array(
  96       'Access-Control-Allow-Methods' => array(),
  97       'Access-Control-Allow-Headers' => array(),
  98     ),
  99   );
 100   foreach ($domains as $path => $settings) {
 101     $settings = explode("|", $settings);
 102     $page_match = drupal_match_path($current_path, $path);
 103     if ($current_path != $_GET['q']) {
 104       $page_match = $page_match || drupal_match_path($_GET['q'], $path);
 105     }
 106     if ($page_match) {
 107       if (!empty($settings[0])) {
 108         $origins = explode(',', trim($settings[0]));
 109         foreach ($origins as $origin) {
 110           if ($origin === '<mirror>') {
 111             if (!empty($request_headers['Origin'])) {
 112               $headers['all']['Access-Control-Allow-Origin'][] = $request_headers['Origin'];
 113             }
 114           }
 115           else {
 116             $headers['all']['Access-Control-Allow-Origin'][] = $origin;
 117           }
 118         }
 119
 120       }
 121       if (!empty($settings[1])) {
 122         $headers['OPTIONS']['Access-Control-Allow-Methods'] = explode(',', trim($settings[1]));
 123       }
 124       if (!empty($settings[2])) {
 125         $headers['OPTIONS']['Access-Control-Allow-Headers'] = explode(',', trim($settings[2]));
 126       }
 127       if (!empty($settings[3])) {
 128         $headers['all']['Access-Control-Allow-Credentials'] = explode(',', trim($settings[3]));
 129       }
 130     }
 131   }
 132
 133   foreach ($headers as $method => $allowed) {
 134     if ($method === 'all' || $method === $_SERVER['REQUEST_METHOD']) {
 135       foreach ($allowed as $header => $values) {
 136         if (!empty($values)) {
 137           foreach ($values as $value) {
 138             drupal_add_http_header($header, $value, TRUE);
 139           }
 140         }
 141       }
 142     }
 143   }
 144 }
 145
 146 /**
 147  * If running nginx, implement getallheaders ourself.
 148  *
 149  * Code is taken from http://php.net/manual/en/function.getallheaders.php
 150  */
 151 if (!function_exists('getallheaders')) {
 152   function getallheaders() {
 153     foreach ($_SERVER as $name => $value) {
 154       if (substr($name, 0, 5) == 'HTTP_') {
 155         $headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
 156       }
 157     }
 158     return $headers;
 159   }
 160 }
 161