Support array as config.allowed_origin

1 files changed, 12 insertions, 1 deletions

diff --git a/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php b/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
index 3cf6e12..76167e2 100644
--- a/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
+++ b/src/CamilStaps/BotleaguesApi/BotleaguesApiServiceProvider.php
@@ -1,6 +1,7 @@
 <?php 
 namespace CamilStaps\BotleaguesApi;
 
+use \Illuminate\Support\Facades\Request;
 use \Illuminate\Support\ServiceProvider;
 use \Illuminate\Support\Facades\App;
 use \Illuminate\Support\Facades\Config;
@@ -30,7 +31,17 @@ class BotleaguesApiServiceProvider extends ServiceProvider {
 		include __DIR__ . '/../../routes.php';
 
 		// To allow loading API requests from the specified domain
-		header('Access-Control-Allow-Origin: ' . Config::get('config.allowed_origin'));
+        $allowed_origin = Config::get('config.allowed_origin');
+        if (is_array($allowed_origin)) {
+            $origin = Request::header('Origin');
+            if (in_array($origin, $allowed_origin)) {
+                header('Access-Control-Allow-Origin: ' . $origin);
+            } else {
+                header('Access-Control-Allow-Origin: ' . $allowed_origin[0]);
+            }
+        } else {
+            header('Access-Control-Allow-Origin: ' . $allowed_origin);
+        }
         header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
         header('Access-Control-Allow-Headers: Authorization');