CORS, trusted domain

Core/API/LogsAPI.class.php

@@ -105,6 +105,8 @@ namespace Core\API\Logs {
                 "message" => $content,
                 "timestamp" => $date->format(Parameter::DATE_TIME_FORMAT)
               ];
+
+              $this->result["pagination"]["total"] += 1;
             }
           }
         }
@@ -139,6 +141,7 @@ namespace Core\API\Logs {
             "timestamp" => (new \DateTime())->format(Parameter::DATE_TIME_FORMAT)
           ]
         ];
+        $this->result["pagination"]["total"] += 1;
       }
 
       $this->loadFromFileSystem($this->result["logs"]);

Core/API/Request.class.php

@@ -161,8 +161,20 @@ abstract class Request {
     return true;
   }
 
+  protected function getCORS(): array {
+    $settings = $this->context->getSettings();
+    return $settings->getTrustedDomains();
+  }
+
   public final function execute($values = array()): bool {
 
+    if ($this->externalCall) {
+      $trustedDomains = $this->getCORS();
+      if (!empty($trustedDomains)) {
+        header("Access-Control-Allow-Origin: " . implode(", ", $trustedDomains));
+      }
+    }
+
     $this->params = array_merge([], $this->defaultParams);
     $this->success = false;
     $this->result = array();

Core/API/SettingsAPI.class.php

@@ -53,6 +53,7 @@ namespace Core\API\Settings {
     }
   }
 
+  // TODO: we need additional validation for built-in settings here, e.g. csv-values, bool values, etc.
   class Set extends SettingsAPI {
     public function __construct(Context $context, bool $externalCall = false) {
       parent::__construct($context, $externalCall, array(

Core/API/Swagger.class.php

@@ -13,9 +13,12 @@ class Swagger extends Request {
     $this->csrfTokenRequired = false;
   }
 
+  protected function getCORS(): array {
+    return ["*"];
+  }
+
   public function _execute(): bool {
     header("Content-Type: application/x-yaml");
-    header("Access-Control-Allow-Origin: *");
     die($this->getDocumentation());
   }