I successfully implemented an allow list for #CORS headers in #PHP!
$allowedOrigins = ["https://friendly.site"];
header("Access-Control-Allow-Headers: Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
$headers = apache_request_headers();
if (!array_key_exists("Origin", $headers)) {
return;
}
if (in_array($headers["Origin"], $allowedOrigins)) {
header("Access-Control-Allow-Origin: " . $headers["Origin"]);
}