Security update for Core, with self-updated composer

[yaffs-website] / vendor / asm89 / stack-cors / src / Asm89 / Stack / CorsService.php

diff --git a/vendor/asm89/stack-cors/src/Asm89/Stack/CorsService.php b/vendor/asm89/stack-cors/src/Asm89/Stack/CorsService.php
index 09dc44b7b0df4875db8cd6cc8cd49e303b3bef7f..ccf5d58cae089486e32b54299c5306108dd9c194 100644 (file)
--- a/vendor/asm89/stack-cors/src/Asm89/Stack/CorsService.php
+++ b/vendor/asm89/stack-cors/src/Asm89/Stack/CorsService.php
@@ -28,6 +28,7 @@ class CorsService
     {
         $options += array(
             'allowedOrigins' => array(),
+            'allowedOriginsPatterns' => array(),
             'supportsCredentials' => false,
             'allowedHeaders' => array(),
             'exposedHeaders' => array(),
@@ -176,7 +177,17 @@ class CorsService
         }
         $origin = $request->headers->get('Origin');
 
-        return in_array($origin, $this->options['allowedOrigins']);
+        if (in_array($origin, $this->options['allowedOrigins'])) {
+            return true;
+        }
+
+        foreach ($this->options['allowedOriginsPatterns'] as $pattern) {
+            if (preg_match($pattern, $origin)) {
+                return true;
+            }
+        }
+
+        return false;
     }
 
     private function checkMethod(Request $request)