<?php
	$debugSystem=false;
	// if (!headers_sent()) {
	//     session_set_cookie_params([
	//         'lifetime' => 0,               // session cookie
	//         'path'     => '/',
	//         'domain'   => '',              // hostname exact
	//         'secure'   => true,            // HTTPS obligatoire
	//         'httponly' => true,
	//         'samesite' => 'None',
	//          'partitioned' => true   // ← nouveau, aide avec state partitioning
	//     ]);
	// }
	// ini_set('session.cookie_secure', '1');
	// ini_set('session.cookie_httponly', '1');
	// ini_set('session.cookie_samesite', 'None');

	// ---------------------------------------------------
	// siteName && Session
	// ---------------------------------------------------
	if (session_status() == PHP_SESSION_NONE) {

		// ---------------------------------------------------
		// siteName
		// ---------------------------------------------------
		$trouve=false;
		if (file_exists("./_conf/siteName.php")) {$includePathConf="./_conf"; $trouve=true;}
		if ($trouve==false ) {if (file_exists("../_conf/siteName.php") && $trouve==false ) {$includePathConf="../_conf"; $trouve=true;} }
		if ($trouve==false ) {if (file_exists("../../_conf/siteName.php") && $trouve==false ) {$includePathConf="../../_conf"; $trouve=true;} }
		if (isset($server) && (file_exists($server. "/_conf/siteName.php") ) && $trouve==false ) {$includePathConf=$server. "/_conf"; $trouve=true;}
		include($includePathConf. "/siteName.php");
		$siteName2 =str_replace(".", "-", $siteName);

		// ---------------------------------------------------
		// session		
		// ---------------------------------------------------
		session_name( $siteName2 );
		session_start();
		$_SESSION['siteName']=session_name();
	}

	// ---------------------------------------------------
	// Cache
	// ---------------------------------------------------
	if ($debugSystem === true) {
		// pas de cache en debug local
		ini_set('opcache.enable', '0');
		ini_set('opcache.enable_cli', '0');
	} else {
		
		header("Cache-Control: private, max-age=259200, must-revalidate"); //3 jours
		// ini_set('opcache.enable', '1');//?
		// ini_set('opcache.enable_cli', '1');

		// il faut faire la compression dans nginx
		// header("Content-Encoding:gzip");
		// ini_set('zlib.output_compression', true);
		
		ini_set('output_buffering', 'on');
		
	}

	// ---------------------------------------------------
	// Headers
	// ---------------------------------------------------
	header("content-type: text/html; charset=UTF-8");

	// Pour activer l'enregistrement du trigger OS marchera en prod uniquement (DNS)
	header('Attribution-Reporting-Eligible: {"trigger": true}');
	header('Attribution-Reporting-Support: {"os": true}');

	// ---------------------------------------------------
	// Cookies 
	// ---------------------------------------------------

	// ---------------------------------------------------
	// Cross content
	// ---------------------------------------------------
	$allowed_origins = [
	"https://kit.fontawesome.com",
		"http://localhost",
		"http://192.168.0.1",
		"http://192.168.0.3",
		"http://192.168.0.4",
		"http://82.65.223.80",
		"http://146.105.42.142",
		"https://123ventes.com",
		"https://123vente.com",
		"http://edserv",
		"http://edport",
		"https://google.com",
		"https://my-chop.com",
		"https://nobug.lan",
		"https://my-shop.nobug.lan"	    
	];

	if (in_array($_SERVER['HTTP_ORIGIN'] ?? '', $allowed_origins)) {
		header("Access-Control-Allow-Origin: ". $_SERVER['HTTP_ORIGIN']);
	}
	// header ('Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE');
	header ('Access-Control-Allow-Methods: POST, GET ');

	// il faut faire la compression dans nginx
	// header( "Content-Encoding: compress" );
	
	// ---------------------------------------------------
	// Content-Security-Policy
	// ---------------------------------------------------		
	header("Content-Security-Policy: ".
		"default-src 'self'; ".

		// Connexions (AJAX, fetch, WebSocket)
		"connect-src 'self' https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
			"https://www.123ventes.com https://123ventes.com ".
			"https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com ".
			"https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net ".
			"https://region1.analytics.google.com https://region1.google-analytics.com ".
			"https://www.google.com https://www.google.fr/ads/ga-audiences ".
			"https://www.paypal.com ".
			"https://www.sandbox.paypal.com ".
			"https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google ".
			"https://d.delivery.consentmanager.net; ".

		// Scripts
		"script-src 'self' 'unsafe-inline' https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
			"https://www.123ventes.com https://123ventes.com ".
		    "https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com ".
		    "https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net ".
		    "https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google ".
		    "https://cdn.consentmanager.net https://d.delivery.consentmanager.net ".
		    "https://www.paypal.com ".
		    "https://www.sandbox.paypal.com ".
		    "https://js.stripe.com ".
		    "https://www.google.com/recaptcha; ".

		"script-src-elem 'self' 'unsafe-inline' https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
			"https://www.123ventes.com https://123ventes.com ".
		    "https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com ".
		    "https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net ".
		    "https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google ".
		    "https://cdn.consentmanager.net https://d.delivery.consentmanager.net ".
		    "https://www.paypal.com ".
		    "https://www.sandbox.paypal.com ".
		    "https://www.google.com/recaptcha;".

		// Styles
		"style-src 'self' 'unsafe-inline' https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
		"https://www.123ventes.com https://123ventes.com ".
		"https://use.fontawesome.com ".
		"https://fonts.googleapis.com ".
		"https://ws.colissimo.fr ".
		"https://cdn.jsdelivr.net; ".
		
		"style-src-elem 'self' 'unsafe-inline' https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
		"https://www.123ventes.com https://123ventes.com ".
		"https://use.fontawesome.com ".
		"https://cdn.consentmanager.net ".
		"https://fonts.googleapis.com ".
		"https://ws.colissimo.fr ".
		"https://cdn.jsdelivr.net ".
		"https://fonts.gstatic.com; ".

		"style-src-attr 'unsafe-inline'; ".

		// Fonts
		"font-src 'self' https://fonts.gstatic.com; ".

		// Images (pixels de suivi inclus)
		"img-src 'self' data: https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
			"https://cdn.consentmanager.net https://d.delivery.consentmanager.net ".
			"https://www.google.com https://www.google.fr ".
			"https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google ".
			"https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net ".
			"https://www.paypalobjects.com https://www.sandbox.paypal.com https://www.paypal.com ".
			"https://www.123ventes.com https://123ventes.com ".
			"https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com; ".
			
		// Frames / iframes
		"frame-src https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
			"https://123ventes.blogspot.com  https://123ventes.com  https://www.123ventes.com https://www.googletagmanager.com https://www.google.com ".
			"https://www.paypal.com https://www.sandbox.paypal.com ".
			"https://checkout.stripe.com https://js.stripe.com ".
			"https://pagead2.googlesyndication.com https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google; ".

		// Autres directives
		"object-src 'none'; ".
		"base-uri 'self'; ".
		"form-action https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan:* https://my-chop.com:* https://checkout.stripe.com/; "
		// "form-action * "
	);

	// ---------------------------------------------------
	// Debug headers
	// ---------------------------------------------------
	$debugHeader=false ;
	if (isset($debugHeader) && $debugHeader==true) {
		$headers = getallheaders();
		foreach ($headers as $header => $value) {
			 echo "<span style=\"background-color:white;color:black;text-align:left;\">$header: $value <br />\n";
		}
		// session_set_cookie_params([
		// 	'domain' => '192.168.0.4',  // Utilise le domaine complet (avec un point au début)
		// 	'domain' => 'my-shop.nobug.lan',  // Utilise le domaine complet (avec un point au début)
		// ]);
	}

?>