Ignore port when verifying origin

stevenrombauts · stevenrombauts · commit 64c374a8cce5 · 2025-10-06T15:06:05.000+02:00
diff --git a/src/EventListener/OriginListener.php b/src/EventListener/OriginListener.php
@@ -51,14 +51,15 @@ public function onRequest(RequestEvent $event): void
         }
 
         // valid origin
-        $origin = $event->getRequest()->headers->get('Origin');
+        $origin = $event->getRequest()->headers->get('Origin') ?? '';
         if ($origin === 'https://'.$this->packagistHost) {
             return;
         }
 
         // valid as well with HTTP in dev
-        $parts = parse_url($origin);
-        $knownOrigin = $parts['scheme'].'://'.$parts['host'];
+        $scheme = parse_url($origin, PHP_URL_SCHEME);
+        $port = parse_url($origin, PHP_URL_PORT);
+        $knownOrigin = $scheme.'://'.$port;
         if ('dev' === $this->environment && $knownOrigin === 'http://'.$this->packagistHost) {
             return;
         }

Original file line number	Diff line number	Diff line change
`@@ -51,14 +51,15 @@ public function onRequest(RequestEvent $event): void`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`// valid origin`
`54`		`- $origin = $event->getRequest()->headers->get('Origin');`
	`54`	`+ $origin = $event->getRequest()->headers->get('Origin') ?? '';`
`55`	`55`	`if ($origin === 'https://'.$this->packagistHost) {`
`56`	`56`	`return;`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`// valid as well with HTTP in dev`
`60`		`- $parts = parse_url($origin);`
`61`		`- $knownOrigin = $parts['scheme'].'://'.$parts['host'];`
	`60`	`+ $scheme = parse_url($origin, PHP_URL_SCHEME);`
	`61`	`+ $port = parse_url($origin, PHP_URL_PORT);`
	`62`	`+ $knownOrigin = $scheme.'://'.$port;`
`62`	`63`	`if ('dev' === $this->environment && $knownOrigin === 'http://'.$this->packagistHost) {`
`63`	`64`	`return;`
`64`	`65`	`}`