Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2026-04-25 11:19:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Trim excess whitespace

Browse Source 
Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com>
This commit is contained in:
a1346054
2021-09-15 20:25:30 +00:00
parent 48c63c0a0b
commit 26f0203137
6 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/pi-hole/php/auth.php
View File

@@ -47,12 +47,12 @@ function check_cors() {
$virtual_host = getenv('VIRTUAL_HOST');
if (! empty($virtual_host))
array_push($AUTHORIZED_HOSTNAMES, $virtual_host);
# Allow user set CORS
$cors_hosts = getenv('CORS_HOSTS');
if (! empty($cors_hosts))
array_push($AUTHORIZED_HOSTNAMES, ...explode(",", $cors_hosts));
// Since the Host header is easily manipulated, we can only check if it's wrong and can't use it
// to validate that the client is authorized, only unauthorized.
$server_host = $_SERVER['HTTP_HOST'];
@@ -105,7 +105,7 @@ function check_csrf($token) {
// Start a new PHP session (or continue an existing one)
// Prevents javascript XSS attacks aimed to steal the session ID
ini_set('session.cookie_httponly', 1);
// Prevent Session ID from being passed through URLs
// Prevent Session ID from being passed through URLs
ini_set('session.use_only_cookies', 1);
session_start();
}