Trim whitespace from allowed origins before checking them.

2020-07-21 11:08:03 -04:00 · 2020-07-21 11:08:03 -04:00 · 282ac7fa71
parent 0b59497344
commit 282ac7fa71
1 changed files with 3 additions and 0 deletions
--- a/modules/farm/farm_access/farm_access.module
+++ b/modules/farm/farm_access/farm_access.module
@ -12,6 +12,9 @@ function farm_access_init() {
  // Allow API access from approved origins (defaults to https://farmos.app).
  $allowed_origins = explode("\n", variable_get('farm_access_allow_origin', 'https://farmos.app'));
  $headers = getallheaders();
+  foreach ($allowed_origins as &$value) {
+    $value = trim($value);
+  }
  if (!empty($headers['Origin'])) {
    if (in_array($headers['Origin'], $allowed_origins)) {
      drupal_add_http_header('Access-Control-Allow-Origin', $headers['Origin']);