diff --git a/backend/config/site-config.php b/backend/config/site-config.php new file mode 100644 index 0000000..2dbd5e8 --- /dev/null +++ b/backend/config/site-config.php @@ -0,0 +1,68 @@ + + */ +function getAllowedOrigins(): array +{ + return [ + 'https://' . SITE_DOMAIN_PRODUCTION, + 'https://www.' . SITE_DOMAIN_PRODUCTION, + 'https://' . SITE_DOMAIN_DEVELOPMENT, + 'http://localhost', + 'http://127.0.0.1', + 'http://localhost:8000', + ]; +} + +/** + * Kanonische Basis-URL für SEO (Produktion immer hexahost.de) + */ +function getCanonicalBaseUrl(): string +{ + return 'https://' . SITE_DOMAIN_PRODUCTION; +} diff --git a/backend/includes/functions.php b/backend/includes/functions.php index 24d736c..2eb5041 100644 --- a/backend/includes/functions.php +++ b/backend/includes/functions.php @@ -3,6 +3,12 @@ * Helper functions for HexaHost.de */ +$configDir = defined('HEXAHOST_CONFIG_DIR') + ? HEXAHOST_CONFIG_DIR + : __DIR__ . '/../config'; + +require_once $configDir . '/site-config.php'; + // Sichere Session-Konfiguration if (session_status() === PHP_SESSION_NONE) { // Session-Cookie-Sicherheit @@ -51,6 +57,11 @@ function includeHeader($title = '', $description = '', $page = '', $scripts = [] $current_page = $page; $additional_scripts = $scripts; + + if (!isset($canonical_url)) { + $requestPath = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/'; + $canonical_url = rtrim(getCanonicalBaseUrl(), '/') . $requestPath; + } include __DIR__ . '/header.php'; } diff --git a/backend/includes/header.php b/backend/includes/header.php index eb00be5..2f74089 100644 --- a/backend/includes/header.php +++ b/backend/includes/header.php @@ -1,5 +1,8 @@ - +
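Review bot: `getAllowedOrigins()` in backend/config/site-config.php returns the development domain and the three plain-HTTP loopback origins unconditionally, so a production deployment accepts them as CORS origins too. The later hunk in public/contact-handler.php now feeds this list straight into its `in_array($origin, $allowed_origins)` check, which widens that endpoint's allow-list compared with the four literals it replaces. I would return only the two production origins by default and append the development entries behind an explicit environment switch, as sketched below; the switch name is a placeholder because no such constant is visible on this page. The docblock opening and the constant definitions of this new file did not survive on the page, so this assumes no gate exists above the function. Passing `true` as the third argument of that `in_array()` call would also make the comparison strict.

```php
function getAllowedOrigins(): array
{
    // Origins must match the browser's Origin header exactly (scheme, host, port).
    $origins = [
        'https://' . SITE_DOMAIN_PRODUCTION,
        'https://www.' . SITE_DOMAIN_PRODUCTION,
    ];

    // SITE_ENV_IS_DEVELOPMENT is a placeholder name; use the deployment's existing switch.
    if (defined('SITE_ENV_IS_DEVELOPMENT') && SITE_ENV_IS_DEVELOPMENT === true) {
        $origins[] = 'https://' . SITE_DOMAIN_DEVELOPMENT;
        $origins[] = 'http://localhost';
        $origins[] = 'http://127.0.0.1';
        $origins[] = 'http://localhost:8000';
    }

    return $origins;
}
```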
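Review bot: In the second hunk of backend/includes/functions.php, `$canonical_url` is assembled from the path of `$_SERVER['REQUEST_URI']`, which the client controls, and is then exposed to header.php through the include scope. The header.php hunk is not readable on this page, so confirm that the value is emitted with `htmlspecialchars($canonical_url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` wherever it lands in markup. Separately, `isset($canonical_url)` tests a function-local variable; unless it is a parameter in the part of the `includeHeader()` signature that the hunk header cuts off, the guard is always true and a page cannot supply its own canonical URL. A short comment such as `// canonical URL = fixed production host + request path; query string is dropped on purpose` would record the intent. The body of `includeHeader()` begins outside this hunk.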
diff --git a/public/404.php b/public/404.php index bff4941..58ba9bc 100644 --- a/public/404.php +++ b/public/404.php @@ -1,5 +1,5 @@ __DIR__ . '/includes', + 'config' => __DIR__ . '/config', + ], + [ + 'includes' => __DIR__ . '/../backend/includes', + 'config' => __DIR__ . '/../backend/config', + ], + ]; + + $resolved = false; + + foreach ($pathCandidates as $paths) { + if (is_file($paths['includes'] . '/functions.php')) { + define('HEXAHOST_INCLUDES_DIR', $paths['includes']); + define('HEXAHOST_CONFIG_DIR', $paths['config']); + require_once $paths['includes'] . '/functions.php'; + $resolved = true; + break; + } + } + + if (!$resolved) { + http_response_code(500); + header('Content-Type: text/plain; charset=utf-8'); + echo 'HexaHost: Anwendung konnte nicht gestartet werden (includes nicht gefunden).'; + exit; + } + + define('HEXAHOST_BOOTSTRAPPED', true); +} diff --git a/public/contact-handler.php b/public/contact-handler.php index ca47f74..600378f 100644 --- a/public/contact-handler.php +++ b/public/contact-handler.php @@ -9,8 +9,10 @@ if (session_status() === PHP_SESSION_NONE) { session_start(); } -// Konfiguration laden -require_once 'config/mail-config.php'; +require_once __DIR__ . '/bootstrap.php'; + +$configDir = defined('HEXAHOST_CONFIG_DIR') ? HEXAHOST_CONFIG_DIR : __DIR__ . '/config'; +require_once $configDir . '/mail-config.php'; // PHPMailer Autoload (falls via Composer installiert) if (file_exists(__DIR__ . '/vendor/autoload.php')) { @@ -43,13 +45,8 @@ function validateCSRFToken($token) { return false; } -// CORS Headers für AJAX-Requests (nur eigene Domain erlauben) -$allowed_origins = [ - 'https://hexahost.de', - 'https://www.hexahost.de', - 'http://localhost', // Für Entwicklung - 'http://127.0.0.1' // Für Entwicklung -]; +// CORS Headers für AJAX-Requests (nur eigene Domains erlauben) +$allowed_origins = getAllowedOrigins(); $origin = $_SERVER['HTTP_ORIGIN'] ?? ''; if (in_array($origin, $allowed_origins)) { 
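Review bot: In the first hunk of public/contact-handler.php, the new `require_once __DIR__ . '/bootstrap.php';` sits after the `session_start()` block shown as context, so the session is already active when bootstrap pulls in functions.php. functions.php guards its session-cookie hardening with `session_status() === PHP_SESSION_NONE` (visible as context in that file's hunk), so that hardening is presumably skipped for this endpoint. Moving the bootstrap require above the session block, or dropping the local `session_start()` in favour of the shared one, would let the common settings apply here as well. The body of the hardening block is not visible on this page, so verify what it sets before relying on it.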
diff --git a/public/contact.php b/public/contact.php index e81dc3a..dedf21d 100644 --- a/public/contact.php +++ b/public/contact.php @@ -1,6 +1,6 @@- + Rechtliche Angaben und Pflichtinformationen gemäß § 5 DDG
diff --git a/public/index.php b/public/index.php index 1211e46..f5700e5 100644 --- a/public/index.php +++ b/public/index.php @@ -1,6 +1,6 @@