<?php
/**
 * Piwik - free/libre analytics platform
 *
 * @link http://piwik.org
 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
 *
 */
namespace Piwik\API;

use Piwik\Url;

class CORSHandler
{
    /**
     * @var array
     */
    protected $domains;

    public function __construct()
    {
        $this->domains = Url::getCorsHostsFromConfig();
    }

    public function handle()
    {
        // allow Piwik to serve data to all domains
        if (in_array("*", $this->domains)) {
            header('Access-Control-Allow-Origin: *');
            return;
        }

        // specifically allow if it is one of the whitelisted CORS domains
        if (!empty($_SERVER['HTTP_ORIGIN'])) {
            $origin = $_SERVER['HTTP_ORIGIN'];
            if (in_array($origin, $this->domains, true)) {
                header('Access-Control-Allow-Origin: ' . $_SERVER['HTTP_ORIGIN']);
            }
        }
    }
}