From 5c352eaf09e6932f00b3f2d6ea085b07cdd0feed Mon Sep 17 00:00:00 2001
From: Brad Jorsch <bjorsch@wikimedia.org>
Date: Mon, 8 Dec 2014 10:43:50 -0500
Subject: [PATCH] SECURITY: Fix CORS origin matching in the API

Bug: T77028
Change-Id: I68c1ee5b5a048af2aba4e710bc301b09748389bf
---
 includes/api/ApiMain.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 81353f64b1..c03e513779 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -575,7 +575,7 @@ class ApiMain extends ApiBase {
 			$wildcard
 		);
 
-		return "/https?:\/\/$wildcard/";
+		return "/^https?:\/\/$wildcard$/";
 	}
 
 	protected function sendCacheHeaders() {
-- 
2.20.1