From affed3608631e832dd43e185d6fdec04c5b9d060 Mon Sep 17 00:00:00 2001
From: kenneth <kgabrielr@yahoo.com>
Date: Sat, 22 Oct 2016 16:21:51 -0400
Subject: [PATCH 1/2] Added support for CORS

---
 Herbert/Framework/Application.php | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/Herbert/Framework/Application.php b/Herbert/Framework/Application.php
index ee7c3e1..9deff2c 100644
--- a/Herbert/Framework/Application.php
+++ b/Herbert/Framework/Application.php
@@ -133,6 +133,14 @@ class Application extends \Illuminate\Container\Container implements \Illuminate
      */
     protected $builtViewGlobals = null;
 
+
+    /**
+     * Allow Cross Origin Requests
+     * @boolean allow
+     */
+
+    protected $allow = false;
+
     /**
      * Constructs the application and ensures it's correctly setup.
      */
@@ -299,6 +307,10 @@ public function loadPlugin($config)
         $this->addPluginComposers(
             array_get($config, 'viewComposers', [])
         );
+
+        $this->allowCORSDomains(
+            array_get($config, 'CORS',false)
+        );
     }
 
     /**
@@ -1274,4 +1286,22 @@ public function getCachedServicesPath()
         return $this->basePath() . '/vendor/services.json';
     }
 
+
+    /**
+     * Allow the Http request from different sources(CORS)
+     *
+     */
+
+    public function allowCORSDomains($allow)
+    {
+        if($allow == true){
+
+            add_action('init', 'add_origins');
+            function add_origins(){
+                header("Access-Control-Allow-Origin: *");
+            }
+        }
+    }
+
+
 }

From 175a758d428fc62913c7d34b11b1334ee285bc95 Mon Sep 17 00:00:00 2001
From: kenneth <kgabrielr@yahoo.com>
Date: Sun, 15 Jan 2017 12:54:14 -0400
Subject: [PATCH 2/2] Added CORS for Multiple Domains

---
 Herbert/Framework/Application.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/Herbert/Framework/Application.php b/Herbert/Framework/Application.php
index 9deff2c..78d0f5f 100644
--- a/Herbert/Framework/Application.php
+++ b/Herbert/Framework/Application.php
@@ -309,7 +309,7 @@ public function loadPlugin($config)
         );
 
         $this->allowCORSDomains(
-            array_get($config, 'CORS',false)
+            array_get($config, 'CORS', false ,[])
         );
     }
 
@@ -1292,13 +1292,17 @@ public function getCachedServicesPath()
      *
      */
 
-    public function allowCORSDomains($allow)
+    public function allowCORSDomains($allow, $domains =[])
     {
         if($allow == true){
 
-            add_action('init', 'add_origins');
-            function add_origins(){
-                header("Access-Control-Allow-Origin: *");
+            $origin  = $_SERVER['HTTP_REFERER'];
+            if(in_array($origin, $domains)){
+
+                add_action('init', 'add_origins');
+                function add_origins(){
+                    header("Access-Control-Allow-Origin: " .$_SERVER['HTTP_ORIGIN']);
+                }
             }
         }
     }