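_request = $request;

        // Add advice
        $this->setAdvice(AuthorizationPolicy::AUTHORIZATION_ADVICE_CALL_ON_DENY, [$this, 'callOnDeny', []]);
    }

    //
    // Implement template methods from AuthorizationPolicy
    //
    /**
     * Enforce this policy only when an allow-list of hosts is configured.
     *
     * @see AuthorizationPolicy::applies()
     *
     * @return bool True when the [general] allowed_hosts setting is not empty.
     */
    public function applies()
    {
        return Config::getVar('general', 'allowed_hosts') != '';
    }

    /**
     * Permit the request only when its server host is on the configured
     * allow-list; every other outcome, including an unreadable allow-list,
     * is a deny.
     *
     * @see AuthorizationPolicy::effect()
     *
     * @return mixed AuthorizationPolicy::AUTHORIZATION_PERMIT on a match,
     *  AuthorizationPolicy::AUTHORIZATION_DENY otherwise.
     */
    public function effect()
    {
        // The list of server hosts, when specified, is a JSON array.
        $allowedHosts = json_decode((string) Config::getVar('general', 'allowed_hosts'));

        // Fail closed on a malformed setting. json_decode() yields null for
        // invalid JSON and an object or scalar for valid JSON of the wrong
        // shape; none of those may be treated as a usable allow-list.
        if (!is_array($allowedHosts)) {
            error_log('The "allowed_hosts" setting is not a valid JSON array; denying the request.');
            return AuthorizationPolicy::AUTHORIZATION_DENY;
        }

        $serverHost = $this->_request->getServerHost(null, false);
        if (!is_string($serverHost)) {
            // No host could be determined, so there is nothing to match.
            return AuthorizationPolicy::AUTHORIZATION_DENY;
        }
        $serverHost = strtolower($serverHost);

        foreach ($allowedHosts as $allowedHost) {
            // Host names are compared case-insensitively but strictly as
            // strings: a loose comparison treats numeric-looking strings as
            // numbers ('1e3' == '1000'), which would widen the allow-list.
            // Non-string entries are ignored rather than coerced.
            if (is_string($allowedHost) && strtolower($allowedHost) === $serverHost) {
                return AuthorizationPolicy::AUTHORIZATION_PERMIT;
            }
        }

        return AuthorizationPolicy::AUTHORIZATION_DENY;
    }

    /**
     * Handle a mismatch in the allowed hosts expectation: answer with
     * HTTP 400, record the rejected host and hand over to fatalError().
     */
    public function callOnDeny()
    {
        http_response_code(400);

        // The rejected host is exactly the value this policy did not accept,
        // so treat it as untrusted when writing it to the log: bytes outside
        // printable ASCII are replaced so the entry stays on a single line.
        // NOTE(review): getServerHost() is defined elsewhere; presumably it
        // reflects the request's Host header - confirm.
        $serverHost = (string) $this->_request->getServerHost(null, false);
        $loggedHost = (string) preg_replace('/[^\x20-\x7E]/', '?', $serverHost);

        error_log('Server host "' . $loggedHost . '" not allowed!');
        fatalError('400 Bad Request');
    }
}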