protected function _check_cors()
{
// Convert the config items into strings
$allowed_headers = implode(' ,', $this->config->item('allowed_cors_headers'));
$allowed_methods = implode(' ,', $this->config->item('allowed_cors_methods'));
// If we want to allow any domain to access the API
if ($this->config->item('allow_any_cors_domain') === TRUE) {
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: ' . $allowed_headers);
header('Access-Control-Allow-Methods: ' . $allowed_methods);
} else {
// We're going to allow only certain domains access
// Store the HTTP Origin header
$origin = $this->input->server('HTTP_ORIGIN');
if ($origin === NULL) {
$origin = '';
}
// If the origin domain is in the allowed_cors_origins list, then add the Access Control headers
if (in_array($origin, $this->config->item('allowed_cors_origins'))) {
header('Access-Control-Allow-Origin: ' . $origin);
header('Access-Control-Allow-Headers: ' . $allowed_headers);
header('Access-Control-Allow-Methods: ' . $allowed_methods);
}
}
// If the request HTTP method is 'OPTIONS', kill the response and send it to the client
if ($this->input->method() === 'options') {
exit;
}
}