@@ 668-673 (lines=6) @@ | ||
665 | ||
666 | // Origin: header is a space-separated list of origins, check all of them |
|
667 | $originHeader = $request->getHeader( 'Origin' ); |
|
668 | if ( $originHeader === false ) { |
|
669 | $origins = []; |
|
670 | } else { |
|
671 | $originHeader = trim( $originHeader ); |
|
672 | $origins = preg_split( '/\s+/', $originHeader ); |
|
673 | } |
|
674 | ||
675 | if ( !in_array( $originParam, $origins ) ) { |
|
676 | // origin parameter set but incorrect |
|
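Review bot: The `in_array( $originParam, $origins )` test at line 675 uses loose comparison and runs against a list that is not guaranteed to be clean: an `Origin` header that is empty after `trim()` makes `preg_split()` return `['']`, and `preg_split()` returns `false` on a PCRE error. This comparison appears to gate acceptance of the caller-supplied origin, so I would make it exact and keep empty tokens out: `$origins = preg_split( '/\s+/', $originHeader, -1, PREG_SPLIT_NO_EMPTY ) ?: [];` and `if ( !in_array( $originParam, $origins, true ) ) {`. The same six-line parse is repeated at lines 194-199 in the second hunk, so both copies need the change; a single shared helper that returns the origin list would keep the validation path and the logging path from drifting apart. Both enclosing functions start and end outside the hunks, so what is done with `$originParam` after this check is not visible here.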
@@ 194-199 (lines=6) @@ | ||
191 | // Log if a request with a non-whitelisted Origin header is seen |
|
192 | // with session cookies. |
|
193 | $originHeader = $request->getHeader( 'Origin' ); |
|
194 | if ( $originHeader === false ) { |
|
195 | $origins = []; |
|
196 | } else { |
|
197 | $originHeader = trim( $originHeader ); |
|
198 | $origins = preg_split( '/\s+/', $originHeader ); |
|
199 | } |
|
200 | $sessionCookies = array_intersect( |
|
201 | array_keys( $_COOKIE ), |
|
202 | MediaWiki\Session\SessionManager::singleton()->getVaryCookies() |