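<?php
// proxy.php — server-side proxy restricted to the Tasmanian LIST ArcGIS service.
// Originally used by plan-view.html for planning data lookups; the main app now uses
// classes/list_lookup.php instead. This file is kept for legacy/diagnostic use only.
//
// Request flow: read ?url=, require an https URL whose host is on the allow-list,
// fetch it server-side without following redirects, and relay the body to the caller.
// Every rejection is answered with a JSON {"error": ...} body and a 4xx/5xx status.

header("Access-Control-Allow-Origin: https://modulosdesign.com.au");
header("Content-Type: application/json");
// The upstream body is relayed verbatim, so pin the declared type and stop browsers
// from sniffing it as something else.
header("X-Content-Type-Options: nosniff");

// Exact host names the proxy may contact; compared case-insensitively, no wildcards.
$ALLOWED_HOSTS = [
    'services.thelist.tas.gov.au',
    'thelistsrv.thelist.tas.gov.au',
];

$url = $_GET['url'] ?? '';

// A query such as ?url[]=x arrives as an array, which parse_url() rejects with a
// TypeError on PHP 8. Treat anything that is not a non-empty string as missing.
if (!is_string($url) || !$url) {
    http_response_code(400);
    echo json_encode(['error' => 'Missing url parameter']);
    exit;
}

// parse_url() returns false for seriously malformed input; normalise that to an empty
// component list so the request falls through to the host rejection below.
$parsed = parse_url($url);
if ($parsed === false) {
    $parsed = [];
}

$host = strtolower($parsed['host'] ?? '');

if (!in_array($host, $ALLOWED_HOSTS, true)) {
    http_response_code(403);
    echo json_encode(['error' => 'Host not permitted: ' . htmlspecialchars($host, ENT_QUOTES, 'UTF-8')]);
    exit;
}

// Only allow HTTPS to prevent downgrade to plain HTTP
if (($parsed['scheme'] ?? '') !== 'https') {
    http_response_code(403);
    echo json_encode(['error' => 'Only HTTPS URLs are permitted']);
    exit;
}

// The host and scheme checks above cover only the URL the caller supplied. By default the
// HTTP stream wrapper follows Location headers, so a redirect from an allow-listed host
// would send this server to a destination that was never validated. Disable redirect
// following so the allow-list is the complete set of hosts this proxy can reach; a 3xx
// answer from upstream is then relayed as-is rather than followed.
// The timeout bounds how long a slow upstream can hold a PHP worker (10 s is a chosen
// value; tune as needed).
$context = stream_context_create([
    'http' => [
        'method' => 'GET',
        'follow_location' => 0,
        'max_redirects' => 0,
        'timeout' => 10,
    ],
]);

$response = file_get_contents($url, false, $context);

if ($response === false) {
    http_response_code(502);
    echo json_encode(['error' => 'Upstream request failed']);
    exit;
}

echo $response;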