Skip to content

Commit 61db092

Browse files
ylebreylebre
committed
add support for trusted origins
1 parent bbc4661 commit 61db092

1 file changed

Lines changed: 8 additions & 5 deletions

File tree

src/WAC.php

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ public function addWACHeaders($request, $response, $webId) {
4646
* see: https://github.com/solid/web-access-control-spec
4747
*/
4848

49-
public function isAllowed($request, $webId, $origin=false, $allowedClients=[]) {
49+
public function isAllowed($request, $webId, $origin=false, $allowedOrigins=[]) {
5050
$requestedGrants = $this->getRequestedGrants($request);
5151
$uri = $request->getUri();
5252
$parentUri = $this->getParentUri($uri);
@@ -60,7 +60,7 @@ public function isAllowed($request, $webId, $origin=false, $allowedClients=[]) {
6060
if (!$this->isUserGranted($requestedGrant['grants'], $uri, $webId)) {
6161
return false;
6262
}
63-
if (!$this->isOriginGranted($requestedGrant['grants'], $uri, $origin, $allowedClients)) {
63+
if (!$this->isOriginGranted($requestedGrant['grants'], $uri, $origin, $allowedOrigins)) {
6464
return false;
6565
}
6666
break;
@@ -71,7 +71,7 @@ public function isAllowed($request, $webId, $origin=false, $allowedClients=[]) {
7171
if (!$this->isUserGranted($requestedGrant['grants'], $parentUri, $webId)) {
7272
return false;
7373
}
74-
if (!$this->isOriginGranted($requestedGrant['grants'], $parentUri, $origin, $allowedClients)) {
74+
if (!$this->isOriginGranted($requestedGrant['grants'], $parentUri, $origin, $allowedOrigins)) {
7575
return false;
7676
}
7777
break;
@@ -120,11 +120,14 @@ private function isUserGranted($requestedGrants, $uri, $webId) {
120120
return $this->checkGrants($requestedGrants, $uri, $grants);
121121
}
122122

123-
private function isOriginGranted($requestedGrants, $uri, $origin, $allowedClients) {
123+
private function isOriginGranted($requestedGrants, $uri, $origin, $allowedOrigins) {
124124
if (!$origin) {
125125
return true;
126126
}
127-
127+
$parsedOrigin = parse_url($origin)['host'];
128+
if (in_array($parsedOrigin, $allowedOrigins)) {
129+
return true;
130+
}
128131
//error_log("REQUESTED GRANT: " . join(" or ", $requestedGrants) . " on $uri");
129132
$grants = $this->getOriginGrants($uri, $origin);
130133
//error_log("GRANTED GRANTS for origin $origin: " . json_encode($grants));

0 commit comments

Comments
 (0)