Fix http origin

get_credential.php

@@ -2,16 +2,16 @@
 /*
 
 // Headers to allow extensions access (CORS)
-$chrome_id = "to-be-confirmed";
+$chrome_id = "chrome-extension://afgpakhonllnmnomchjhidealcpmnegc";
 $firefox_id = "moz-extension://857479e9-3992-4e99-9a5e-b514d2ad0a82";
-$http_origin = $_SERVER['HTTP_ORIGIN'];
-// Note, this IF doesn't seem to work currently either.
-// Additionally, will require cookies set to SameSite None.
-if ($http_origin == "$chrome_id" || $http_origin == "$firefox_id")
-{
-    header("Access-Control-Allow-Origin: $http_origin");
-    header("Access-Control-Allow-Credentials: true");
+
+if (isset($_SERVER['HTTP_ORIGIN'])) {
+    if($_SERVER['HTTP_ORIGIN'] == $chrome_id OR $_SERVER['HTTP_ORIGIN'] == $firefox_id){
+        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+        header('Access-Control-Allow-Credentials: true');
     }
+}
+// Additionally, will require cookies set to SameSite None.
 
 include("config.php");
 include("functions.php");
@@ -64,6 +64,7 @@ if($session_user_role < 4){
 
 if(isset($_GET['host'])){
 
+    if(!empty($_GET['host'])){
         $url = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['host'])));
 
         $sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1");
@@ -76,6 +77,7 @@ if(isset($_GET['host'])){
             echo json_encode($data);
         }
     }
+}
 
 //TODO: Future work:-
 // - Check user has permission to this client