add CORS
@@ -6,7 +6,7 @@
|
||||
$API_HEADERS = [
|
||||
'Content-Type: application/json; charset=utf-8',
|
||||
'Access-Control-Allow-Origin: *',
|
||||
'Access-Control-Allow-Methods: GET, POST, OPTIONS',
|
||||
'Access-Control-Allow-Methods: POST, OPTIONS',
|
||||
'Access-Control-Allow-Headers: Content-Type, Authorization',
|
||||
'X-Powered-By: SiliconPin Tools'
|
||||
];
|
||||
@@ -14,9 +14,20 @@ $API_HEADERS = [
|
||||
/**
|
||||
* Apply headers helper
|
||||
*/
|
||||
function applyApiHeaders(array $headers)
|
||||
function applyApiHeaders(array $headers): void
|
||||
{
|
||||
foreach ($headers as $header) {
|
||||
header($header);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle CORS preflight globally
|
||||
*/
|
||||
function handleCorsPreflight(): void
|
||||
{
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
||||
http_response_code(200);
|
||||
exit;
|
||||
}
|
||||
}
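Review bot: handleCorsPreflight() answers every OPTIONS request with 200 without looking at the Origin header, and $API_HEADERS sends `Access-Control-Allow-Origin: *` while listing `Authorization` in Access-Control-Allow-Headers, so once preflight succeeds any web page can drive these endpoints from a visitor's browser. If the API is not meant to be fully public, compare `$_SERVER['HTTP_ORIGIN']` against an allowlist, echo back only a matching origin together with `Vary: Origin`, and drop `Authorization` from the allowed headers if no endpoint reads it. The function also reads `$_SERVER['REQUEST_METHOD']` with no fallback; `($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS'` avoids an undefined-index warning when the config is loaded outside a web request. The page shows two Access-Control-Allow-Methods lines and does not show which is the new side; whichever remains should match the POST-only check in the endpoint.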
|
||||
|
||||
@@ -1,6 +1,12 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/../../hta_config/conf.php';
|
||||
applyApiHeaders($API_HEADERS);
|
||||
require_once __DIR__ . '/../../hta_config/conf.php';
|
||||
|
||||
// -------------------------------
|
||||
// Apply headers + CORS
|
||||
// -------------------------------
|
||||
applyApiHeaders($API_HEADERS);
|
||||
handleCorsPreflight();
|
||||
|
||||
// -------------------------------
|
||||
// Allow only POST
|
||||
// -------------------------------
|
||||
@@ -19,7 +25,23 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
$rawInput = file_get_contents('php://input');
|
||||
$data = json_decode($rawInput, true);
|
||||
|
||||
$domain = $data['domain'] ?? '';
|
||||
if (!is_array($data)) {
|
||||
http_response_code(400);
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'message' => 'Invalid JSON payload'
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
|
||||
// -------------------------------
|
||||
// Extract + normalize domain
|
||||
// -------------------------------
|
||||
$domain = trim($data['domain'] ?? '');
|
||||
|
||||
// Remove protocol if user sends URL
|
||||
$domain = preg_replace('#^https?://#', '', $domain);
|
||||
$domain = preg_replace('#/.*$#', '', $domain);
|
||||
|
||||
// -------------------------------
|
||||
// Domain validation
|
||||
@@ -42,7 +64,7 @@ if (!$domain || !validateDomain($domain)) {
|
||||
}
|
||||
|
||||
// -------------------------------
|
||||
// DNS lookup (NO shell_exec)
|
||||
// DNS A record lookup
|
||||
// -------------------------------
|
||||
$records = dns_get_record($domain, DNS_A);
|
||||
$ips = [];
|
||||
@@ -71,5 +93,5 @@ if (empty($ips)) {
|
||||
echo json_encode([
|
||||
'success' => true,
|
||||
'domain' => $domain,
|
||||
'ips' => $ips
|
||||
'ips' => array_values(array_unique($ips))
|
||||
]);
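Review bot: In the `@@ -19,7 +25,23 @@` hunk, `trim($data['domain'] ?? '')` assumes the JSON value is a string; a constructed payload such as `{"domain": []}` passes the `is_array($data)` check and then makes trim() throw a TypeError on PHP 8, which ends as an uncaught 500 instead of the 400 JSON error. Guard the type first, for example `$raw = $data['domain'] ?? ''; $domain = is_string($raw) ? trim($raw) : '';`. The scheme strip `#^https?://#` is case-sensitive, so an upper-case scheme is left for validateDomain() (not visible here) to reject; adding the `i` flag keeps the normalization consistent. The script continues outside the hunks shown, so the handling of a `false` return from dns_get_record() could not be checked.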
|
||||
|
||||