PHP Classes

File: multiple.php

Recommend this page to a friend!
  Classes of Free Ment   PHP Live Chat Browser   multiple.php   Download  
File: multiple.php
Role: Auxiliary script
Content type: text/plain
Description: Auxiliary script
Class: PHP Live Chat Browser
Live chat with users of the same or another site
Author: By
Last change:
Date: 1 year ago
Size: 3,198 bytes
 

Contents

Class file image Download
<?php

/**
 * An example CORS-compliant method. It will allow any GET, POST, or OPTIONS requests from any
 * origin.
 *
 * In a production environment, you probably want to be more restrictive, but this gives you
 * the general idea of what is involved. For the nitty-gritty low-down, read:
 *
 * - https://developer.mozilla.org/en/HTTP_access_control
 * - https://fetch.spec.whatwg.org/#http-cors-protocol
 *
 */
function cors() {

    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
        // you want to allow, and if so:
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400'); // cache for 1 day
    }

    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            // may also be using PUT, PATCH, HEAD etc
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

        exit(0);
    }

    echo "You have CORS!";
}

//print('$_SERVER: ');var_dump($_SERVER);exit(0);
//print('getallheaders() before: ');var_dump(getallheaders());
//print('$_SERVER[\'HTTP_ORIGIN\']: ');var_dump($_SERVER['HTTP_ORIGIN']);
//print('$_SERVER[\'REQUEST_METHOD\']: ');var_dump($_SERVER['REQUEST_METHOD']);
//cors();
//header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
////header('Access-Control-Allow-Origin: *');
////header('Access-Control-Allow-Credentials: true');
////header('Access-Control-Max-Age: 86400'); // cache for 1 day
//header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
////header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
////header('Content-Security-Policy: default-src \'self\'');
//print('<br /><br />');
//print('getallheaders() after: ');var_dump(getallheaders());exit(0);

//child-src 'self'
//frame-src 'self'
//X-Frame-Options: DENY
//X-Frame-Options: SAMEORIGIN
/*header('Content-Security-Policy: child-src *');*/
$URL = 'http://freement.great-site.net/live_browser/multiple.php';
//header('Content-Security-Policy: frame-src *;');
//header('Content-Security-Policy: "frame-ancestors *;"');
print('headers: ');var_dump(get_headers($URL, true));

?>

<html>
<head>
<title></title>
<style>
iframe { border: 10px solid black; float: left; }
p { clear: both; }
</style>
</head>
<body>
<p>external iframes</p>
<iframe id="iframe1" src="https://duckduckgo.com/?q=iframe1"></iframe>
<iframe id="iframe2" src="https://duckduckgo.com/?q=iframe2"></iframe>
<iframe id="iframe3" src="https://duckduckgo.com/?q=iframe3"></iframe>
<p>internal iframes</p>
<iframe id="iframe4" src="slide.php"></iframe>
<iframe id="iframe5" src="input.php"></iframe>
<iframe id="iframe6" src="interact.php"></iframe>
</body>
</html>
<?php

print('headers: ');var_dump(get_headers($URL, true));exit(0);

?>