Return correct CORS header for Host

If only Host was correct (FireFox and IE only set Host
for same-origin requests) then it would still use the
empty Origin header for the CORS response, leading to
`Access-Control-Allow-Origin: `

php/add.php

@@ -3,12 +3,13 @@ if(!isset($_POST['domain'], $_POST['list'], $_POST['token']))
     die("Missing POST variables");
 
 // Check CORS
-if($_SERVER['HTTP_ORIGIN'] != "http://pi.hole" && $_SERVER['HTTP_ORIGIN'] != "http://${_SERVER['SERVER_ADDR']}" &&
-    $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] && $_SERVER['HTTP_HOST'] != "pi.hole")
+if($_SERVER['HTTP_ORIGIN'] == "http://pi.hole" || $_SERVER['HTTP_ORIGIN'] == "http://${_SERVER['SERVER_ADDR']}")
+    header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
+else if($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_ADDR'] || $_SERVER['HTTP_HOST'] == "pi.hole")
+    header("Access-Control-Allow-Origin: ${_SERVER['HTTP_HOST']}");
+else
     die("Failed CORS");
 
-header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
-
 session_start();
 
 // Check CSRF token

php/sub.php

@@ -3,12 +3,13 @@ if(!isset($_POST['domain'], $_POST['list'], $_POST['token']))
     die("Missing POST variables");
 
 // Check CORS
-if($_SERVER['HTTP_ORIGIN'] != "http://pi.hole" && $_SERVER['HTTP_ORIGIN'] != "http://${_SERVER['SERVER_ADDR']}" &&
-    $_SERVER['HTTP_HOST'] != $_SERVER['SERVER_ADDR'] && $_SERVER['HTTP_HOST'] != "pi.hole")
+if($_SERVER['HTTP_ORIGIN'] == "http://pi.hole" || $_SERVER['HTTP_ORIGIN'] == "http://${_SERVER['SERVER_ADDR']}")
+    header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
+else if($_SERVER['HTTP_HOST'] == $_SERVER['SERVER_ADDR'] || $_SERVER['HTTP_HOST'] == "pi.hole")
+    header("Access-Control-Allow-Origin: ${_SERVER['HTTP_HOST']}");
+else
     die("Failed CORS");
 
-header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
-
 session_start();
 
 // Check CSRF token