CORS support for APIs

fromtheexchange

I would love built in CORS support for APIs. I saw one post on how to add CORS, but it uses the wildcard and opens the site up to any domain.

Even though I’ve never written php before, I was able to cobble together a temporary solution that can be pasted at the top of these API endpoints:

• http://your_sendy_installation/subscribe.php
• http://your_sendy_installation/unsubscribe.php
• http://your_sendy_installation/api/subscribers/delete.php
• http://your_sendy_installation/api/subscribers/subscription-status.php
• http://your_sendy_installation/api/subscribers/active-subscriber-count.php
• http://your_sendy_installation/api/campaigns/create.php

Code:

Please note that $allowed_domains includes all subdomains.

Also, a note for others using fetch/axios. The content-type must be application/x-www-form-urlencoded;charset=UTF-8, and the body can be built using the querystring package or URLSearchParams.

References

• https://wesbos.com/mailchimp-to-sendy/
• https://stackoverflow.com/questions/1201194/php-getting-domain-name-from-subdomain/49338205#49338205
• https://stackoverflow.com/questions/7564832/how-to-bypass-access-control-allow-origin/17098221#17098221