protected function RestfulBase::accessByAllowOrigin in RESTful 7

Checks access based on the referer header and the allow_origin setting.

Return value

bool TRUE if the access is granted. FALSE otherwise.

1 call to RestfulBase::accessByAllowOrigin()

RestfulBase::access in plugins/restful/RestfulBase.php: Determine if user can access the handler.

File

plugins/restful/RestfulBase.php, line 1446: Contains RestfulBase.

Class

RestfulBase: Class \RestfulBase

Code

protected function accessByAllowOrigin() {

  // Check the referrer header and return false if it does not match the
  // Access-Control-Allow-Origin
  $referer = \RestfulManager::getRequestHttpHeader('Referer', '');

  // If there is no allow_origin assume that it is allowed. Also, if there is
  // no referer then grant access since the request probably was not
  // originated from a browser.
  $origin = $this
    ->getPluginKey('allow_origin');
  if (empty($origin) || $origin == '*' || !$referer) {
    return TRUE;
  }
  return strpos($referer, $origin) === 0;
}

You are here

protected function RestfulBase::accessByAllowOrigin in RESTful 7

Return value

File

Class

Code

API Navigation