From c06c201b903cf261e1c1428aede09b7aad4c6ee3 Mon Sep 17 00:00:00 2001
From: Moritz Marquardt <git@momar.de>
Date: Tue, 16 Mar 2021 15:46:29 +0100
Subject: [PATCH] Allow CORS only to design.codeberg.org and
 fonts.codeberg.org, or on "raw.*.non-org-tld"

---
 var/www/pages/index.php | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/var/www/pages/index.php b/var/www/pages/index.php
index f97524d..bf17845 100644
--- a/var/www/pages/index.php
+++ b/var/www/pages/index.php
@@ -20,16 +20,19 @@ $repo = "pages";
 
 if ($tld === "org") {
     $subdomain_repo = array(
-        "docs" => array("docs", "pages"),
-        "fonts" => array("codeberg-fonts", "pages"),
-        "get-it-on" => array("get-it-on", "pages"),
-        "design" => array("Codeberg", "Design")
+        // subdomain => array(owner, repo, allowCORS),
+        "docs" => array("docs", "pages", false),
+        "fonts" => array("codeberg-fonts", "pages", true),
+        "get-it-on" => array("get-it-on", "pages", false),
+        "design" => array("Codeberg", "Design", true)
     );
     if (array_key_exists($subdomain, $subdomain_repo)) {
         $owner = $subdomain_repo[$subdomain][0];
         $repo = $subdomain_repo[$subdomain][1];
-        // Allow CORS requests to static *.codeberg.org pages, for web fonts etc.
-        header("Access-Control-Allow-Origin: *");
+        if ($subdomain_repo[$subdomain][2]) {
+            // Allow CORS requests to specified pages, for web fonts etc.
+            header("Access-Control-Allow-Origin: *");
+        }
     } else {
         $owner = strtolower(array_shift($request_url_parts));
         if (!$owner) {