CORS Proof of Concept by BitBonsai Labs

Getting data from a completely different domain without XSS headaches… CORS awesomeness is awesome!

Server:

// access control. If doesn't contains jshell.net, forbid
$origin = $_SERVER['HTTP_ORIGIN'];
if(strpos($origin, 'jshell.net')){
    header("Access-Control-Allow-Origin: {$origin}");
    header("Access-Control-Allow-Headers: content-type, accept");
    header("Access-Control-Max-Age: 10"); // seconds
    header('Content-type: application/json');
    
    // business "logic"
    if(isset($_GET['age'])){
        print '{"whatever" : {"age" : "'. $_GET['age'] .'"}}';
    } else {
        print '{"whatever" : {"ip" : "'.$_SERVER['REMOTE_ADDR'].'"}}';
    }
    
} else {
    header('HTTP/1.0 400 Bad Request', true, 400);
}

// access control. If doesn't contains jshell.net, forbid

$origin = $_SERVER['HTTP_ORIGIN'];

if(strpos($origin, 'jshell.net')){

header("Access-Control-Allow-Origin: {$origin}");

header("Access-Control-Allow-Headers: content-type, accept");

header("Access-Control-Max-Age: 10"); // seconds

header('Content-type: application/json');

// business "logic"

if(isset($_GET['age'])){

print '{"whatever" : {"age" : "'. $_GET['age'] .'"}}';

} else {

print '{"whatever" : {"ip" : "'.$_SERVER['REMOTE_ADDR'].'"}}';

}

} else {

header('HTTP/1.0 400 Bad Request', true, 400);

}

BitBonsai Labs

Mauricio Wolff

"The art of bonsai tells a story through living illusion. A bonsai artist searches for ways to express his personal creativity by mixing form and thought in a miniature world." Now imagine a bonsai made of bits. That's code to me.

CORS Proof of Concept

Server:

Client:

Also read...

nodejs, npm and sqlite3 [SOLVED]

CORS Proof of Concept

Server:

Client:

Also read...

nodejs, npm and sqlite3 [SOLVED]

Profile cancel