PHP Classes

File: multiple.php

Recommend this page to a friend!
  Classes of Free Ment   PHP Live Chat Browser   multiple.php   Download  
File: multiple.php
Role: Auxiliary script
Content type: text/plain
Description: Auxiliary script
Class: PHP Live Chat Browser
Live chat with users of the same or another site
Author: By
Last change:
Date: 7 months ago
Size: 3,198 bytes


Class file image Download

 * An example CORS-compliant method. It will allow any GET, POST, or OPTIONS requests from any
 * origin.
 * In a production environment, you probably want to be more restrictive, but this gives you
 * the general idea of what is involved. For the nitty-gritty low-down, read:
 * -
 * -
function cors() {

// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
// Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
        // you want to allow, and if so:
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day

// Access-Control headers are received during OPTIONS requests

        if (isset(
// may also be using PUT, PATCH, HEAD etc
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");

        if (isset(
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");


"You have CORS!";

//print('$_SERVER: ');var_dump($_SERVER);exit(0);
//print('getallheaders() before: ');var_dump(getallheaders());
//print('$_SERVER[\'HTTP_ORIGIN\']: ');var_dump($_SERVER['HTTP_ORIGIN']);
//print('$_SERVER[\'REQUEST_METHOD\']: ');var_dump($_SERVER['REQUEST_METHOD']);
//header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
////header('Access-Control-Allow-Origin: *');
////header('Access-Control-Allow-Credentials: true');
////header('Access-Control-Max-Age: 86400'); // cache for 1 day
//header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
////header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
////header('Content-Security-Policy: default-src \'self\'');
//print('<br /><br />');
//print('getallheaders() after: ');var_dump(getallheaders());exit(0);

//child-src 'self'
//frame-src 'self'
//X-Frame-Options: DENY
//X-Frame-Options: SAMEORIGIN
/*header('Content-Security-Policy: child-src *');*/
$URL = '';
//header('Content-Security-Policy: frame-src *;');
//header('Content-Security-Policy: "frame-ancestors *;"');
print('headers: ');var_dump(get_headers($URL, true));


iframe { border: 10px solid black; float: left; }
p { clear: both; }
<p>external iframes</p>
<iframe id="iframe1" src=""></iframe>
<iframe id="iframe2" src=""></iframe>
<iframe id="iframe3" src=""></iframe>
<p>internal iframes</p>
<iframe id="iframe4" src="slide.php"></iframe>
<iframe id="iframe5" src="input.php"></iframe>
<iframe id="iframe6" src="interact.php"></iframe>

print('headers: ');var_dump(get_headers($URL, true));exit(0);