From 7429d512b7905128038733c0f19a3fbbc25a2eae Mon Sep 17 00:00:00 2001
From: Alexandre Emsenhuber <ialex.wiki@gmail.com>
Date: Sun, 22 Jul 2012 20:27:26 +0200
Subject: [PATCH] Use WebRequest instead of $_SERVER in ApiMain.

Change-Id: I964534089e85ec1e9ccf567efa66b05a1a3a7462
---
 includes/api/ApiMain.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 05f6652c2d..341df24470 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -422,15 +422,22 @@ class ApiMain extends ApiBase {
 	 */
 	protected function handleCORS() {
 		global $wgCrossSiteAJAXdomains, $wgCrossSiteAJAXdomainExceptions;
-		$response = $this->getRequest()->response();
+
 		$originParam = $this->getParameter( 'origin' ); // defaults to null
 		if ( $originParam === null ) {
 			// No origin parameter, nothing to do
 			return true;
 		}
+
+		$request = $this->getRequest();
+		$response = $request->response();
 		// Origin: header is a space-separated list of origins, check all of them
-		$originHeader = isset( $_SERVER['HTTP_ORIGIN'] ) ? $_SERVER['HTTP_ORIGIN'] : '';
-		$origins = explode( ' ', $originHeader );
+		$originHeader = $request->getHeader( 'Origin' );
+		if ( $originHeader === false ) {
+			$origins = array();
+		} else {
+			$origins = explode( ' ', $originHeader );
+		}
 		if ( !in_array( $originParam, $origins ) ) {
 			// origin parameter set but incorrect
 			// Send a 403 response
-- 
2.20.1