add CORS
This commit is contained in:
@@ -6,7 +6,7 @@
|
|||||||
$API_HEADERS = [
|
$API_HEADERS = [
|
||||||
'Content-Type: application/json; charset=utf-8',
|
'Content-Type: application/json; charset=utf-8',
|
||||||
'Access-Control-Allow-Origin: *',
|
'Access-Control-Allow-Origin: *',
|
||||||
'Access-Control-Allow-Methods: GET, POST, OPTIONS',
|
'Access-Control-Allow-Methods: POST, OPTIONS',
|
||||||
'Access-Control-Allow-Headers: Content-Type, Authorization',
|
'Access-Control-Allow-Headers: Content-Type, Authorization',
|
||||||
'X-Powered-By: SiliconPin Tools'
|
'X-Powered-By: SiliconPin Tools'
|
||||||
];
|
];
|
||||||
@@ -14,9 +14,20 @@ $API_HEADERS = [
|
|||||||
/**
|
/**
|
||||||
* Apply headers helper
|
* Apply headers helper
|
||||||
*/
|
*/
|
||||||
function applyApiHeaders(array $headers)
|
function applyApiHeaders(array $headers): void
|
||||||
{
|
{
|
||||||
foreach ($headers as $header) {
|
foreach ($headers as $header) {
|
||||||
header($header);
|
header($header);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Handle CORS preflight globally
|
||||||
|
*/
|
||||||
|
function handleCorsPreflight(): void
|
||||||
|
{
|
||||||
|
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
||||||
|
http_response_code(200);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|||||||
@@ -1,6 +1,12 @@
|
|||||||
<?php
|
<?php
|
||||||
require_once __DIR__ . '/../../hta_config/conf.php';
|
require_once __DIR__ . '/../../hta_config/conf.php';
|
||||||
|
|
||||||
|
// -------------------------------
|
||||||
|
// Apply headers + CORS
|
||||||
|
// -------------------------------
|
||||||
applyApiHeaders($API_HEADERS);
|
applyApiHeaders($API_HEADERS);
|
||||||
|
handleCorsPreflight();
|
||||||
|
|
||||||
// -------------------------------
|
// -------------------------------
|
||||||
// Allow only POST
|
// Allow only POST
|
||||||
// -------------------------------
|
// -------------------------------
|
||||||
@@ -19,7 +25,23 @@ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|||||||
$rawInput = file_get_contents('php://input');
|
$rawInput = file_get_contents('php://input');
|
||||||
$data = json_decode($rawInput, true);
|
$data = json_decode($rawInput, true);
|
||||||
|
|
||||||
$domain = $data['domain'] ?? '';
|
if (!is_array($data)) {
|
||||||
|
http_response_code(400);
|
||||||
|
echo json_encode([
|
||||||
|
'success' => false,
|
||||||
|
'message' => 'Invalid JSON payload'
|
||||||
|
]);
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
// -------------------------------
|
||||||
|
// Extract + normalize domain
|
||||||
|
// -------------------------------
|
||||||
|
$domain = trim($data['domain'] ?? '');
|
||||||
|
|
||||||
|
// Remove protocol if user sends URL
|
||||||
|
$domain = preg_replace('#^https?://#', '', $domain);
|
||||||
|
$domain = preg_replace('#/.*$#', '', $domain);
|
||||||
|
|
||||||
// -------------------------------
|
// -------------------------------
|
||||||
// Domain validation
|
// Domain validation
|
||||||
@@ -42,7 +64,7 @@ if (!$domain || !validateDomain($domain)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// -------------------------------
|
// -------------------------------
|
||||||
// DNS lookup (NO shell_exec)
|
// DNS A record lookup
|
||||||
// -------------------------------
|
// -------------------------------
|
||||||
$records = dns_get_record($domain, DNS_A);
|
$records = dns_get_record($domain, DNS_A);
|
||||||
$ips = [];
|
$ips = [];
|
||||||
@@ -71,5 +93,5 @@ if (empty($ips)) {
|
|||||||
echo json_encode([
|
echo json_encode([
|
||||||
'success' => true,
|
'success' => true,
|
||||||
'domain' => $domain,
|
'domain' => $domain,
|
||||||
'ips' => $ips
|
'ips' => array_values(array_unique($ips))
|
||||||
]);
|
]);
|
||||||
|
|||||||
Reference in New Issue
Block a user