X-Git-Url: https://git.cyclocoop.org/%27.WWW_URL.%27admin/?a=blobdiff_plain;f=includes%2Fapi%2FApiMain.php;h=5e972939782cbac3360adf9ebdb852f26fc3390d;hb=3d0215c357b8b11a7a8e7bdcbcc178fc4fa70ca9;hp=05f6652c2d30669e11ab116af72071db2a57a007;hpb=9effaea71a3efa2bbc6d7ab83a62c16b900dc821;p=lhc%2Fweb%2Fwiklou.git
diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php
index 05f6652c2d..5e97293978 100644
--- a/includes/api/ApiMain.php
+++ b/includes/api/ApiMain.php
@@ -65,6 +65,7 @@ class ApiMain extends ApiBase {
 // Write modules
 'purge' => 'ApiPurge',
+ 'setnotificationtimestamp' => 'ApiSetNotificationTimestamp',
 'rollback' => 'ApiRollback',
 'delete' => 'ApiDelete',
 'undelete' => 'ApiUndelete',
@@ -422,15 +423,22 @@ class ApiMain extends ApiBase {
 */
 protected function handleCORS() {
 global $wgCrossSiteAJAXdomains, $wgCrossSiteAJAXdomainExceptions;
- $response = $this->getRequest()->response();
+
 $originParam = $this->getParameter( 'origin' ); // defaults to null
 if ( $originParam === null ) {
 // No origin parameter, nothing to do
 return true;
 }
+
+ $request = $this->getRequest();
+ $response = $request->response();
 // Origin: header is a space-separated list of origins, check all of them
- $originHeader = isset( $_SERVER['HTTP_ORIGIN'] ) ? $_SERVER['HTTP_ORIGIN'] : '';
- $origins = explode( ' ', $originHeader );
+ $originHeader = $request->getHeader( 'Origin' );
+ if ( $originHeader === false ) {
+ $origins = array();
+ } else {
+ $origins = explode( ' ', $originHeader );
+ }
 if ( !in_array( $originParam, $origins ) ) {
 // origin parameter set but incorrect
 // Send a 403 response
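Review bot: The new `$originHeader === false` branch in handleCORS() covers only an absent Origin header; a header that is present but empty, or that contains doubled spaces, still makes `explode( ' ', $originHeader )` return a list with an `''` entry. If the `origin` parameter can arrive as an empty string rather than null (only the null default is visible here), that entry lets it pass the `in_array` mismatch check and reach the domain matching below the hunk. Dropping empty entries closes this without relying on the later code: `$origins = preg_split( '/ +/', $originHeader, -1, PREG_SPLIT_NO_EMPTY );`. The comparison on the following context line would also be tighter as `in_array( $originParam, $origins, true )`, since both values come from the request. handleCORS() continues past the end of the hunk.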