I’m using 3.8.2
It’s giving a 500 error
It appears to be changing the end of the dmxConnect file from:
if (CONFIG('CORS_ORIGIN') !== FALSE) {
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
$origin = CONFIG('CORS_ORIGIN') ?: '*';
$methods = CONFIG('CORS_METHODS');
$allowedHeaders = CONFIG('CORS_ALLOWED_HEADERS');
header("HTTP/1.1 204 NO CONTENT");
header("Access-Control-Allow-Origin: $origin");
header("Access-Control-Allow-Methods: $methods");
if (CONFIG('CORS_CREDENTIALS') === TRUE) {
header("Access-Control-Allow-Credentials: true");
}
header("Access-Control-Allow-Headers: $allowedHeaders");
exit();
} else {
$origin = CONFIG('CORS_ORIGIN') ?: '*';
header("Access-Control-Allow-Origin: $origin");
if (CONFIG('CORS_CREDENTIALS') === TRUE) {
header("Access-Control-Allow-Credentials: true");
}
}
}
to
if (CONFIG('CORS_ORIGIN') !== FALSE) {
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
$origin = CONFIG('CORS_ORIGIN') ?: '*';
$methods = CONFIG('CORS_METHODS');
$allowedHeaders = CONFIG('CORS_ALLOWED_HEADERS');
if ($origin == '*' && isset($_SERVER['HTTP_ORIGIN'])) {
$origin = $_SERVER['HTTP_ORIGIN'];
}
header("HTTP/1.1 204 NO CONTENT");
header("Access-Control-Allow-Origin: $origin");
header("Access-Control-Allow-Methods: $methods");
if (CONFIG('CORS_CREDENTIALS') === TRUE) {
header("Access-Control-Allow-Credentials: true");
}
header("Access-Control-Allow-Headers: $allowedHeaders");
exit();
} else {
$origin = CONFIG('CORS_ORIGIN') ?: '*';
if ($origin == '*' && isset($_SERVER['HTTP_ORIGIN'])) {
$origin = $_SERVER['HTTP_ORIGIN'];
}
try {
if (!empty($_SERVER['HTTPS'])) {
if (version_compare(PHP_VERSION, '7.3.0', '<')) {
session_set_cookie_params(0, '/; samesite=None', $_SERVER['HTTP_HOST'], TRUE, TRUE);
} else {
session_set_cookie_params([
'samesite' => 'None',
'httponly' => TRUE,
'secure' => TRUE
]);
}
}
} catch (\Exception $e) {
// ignore
}
header("Access-Control-Allow-Origin: $origin");
if (CONFIG('CORS_CREDENTIALS') === TRUE) {
header("Access-Control-Allow-Credentials: true");
}
}
}