CORS Error when hostin tile proxy on subdomain

[jhit]

Hi @NlL5

I use the updated tile proxy on a dedicated sub-domain.
I have set a referrer to limit access to the tile proxy.

currently the code will cause a cors error in this setup because the required header 'Access-Control-Allow-Origin: *' is never set in the code.

I would like to contribute this fix but want to start a discussion before submitting any changes.

My Idea currently is:

default the $referrer to '*'. Use the $referrer to always create the cors header in

osm-tile-proxy/src/TileProxy.php

Line 260 in 0c2e18f

public function handle(): void

Enable the code to use more than one $referrer.

If a referrer other than '*' is set then also limit the CORS header to the given URLs of the $referrer.

What do you think?

Thank you.

I will take a look in the next days and have a think about it.

@NlL5 feel free to chip in ;)

[NlL5]

Ah I see. I did not notice this, because I only integrated TileProxy into our application and our application sends Access-Control headers on its own.

Since the TileProxy class already has the setReferrer() method, I think it would make sense to also set these as headers.

Idk if you already planned this @jhit, but for extensibility and readability, I think it would be nice to create a protected method "sendHeaders()" or so that is called by the handle() method.

[jhit]

I have not implemented anything yet. I just added the header() call to my index.php to solve my problems.

I agree on encapsulating the headers in a private function. Would you also move

osm-tile-proxy/src/TileProxy.php

Lines 306 to 309 in 0c2e18f

	header("Expires: " . $exp_gmt);
	header("Last-Modified: " . $mod_gmt);
	header("Cache-Control: public, max-age=" . $this->option_ttl);
	header ('Content-Type: image/'.$current_style->getImageFormat());

to this function?

[NlL5]

Good point. Though, I think these should stay, since we probably do not want them in the other if-else-branches, or the error codes get cached or something.