🔍 CORS HEADER AUDIT - Mobile App Compatibility Check
====================================================

📄 Analyzing: enhance-text-cached.php
  ❌ ISSUES FOUND (2):
    • Early output at line 232 before headers
    • Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📄 Analyzing: enhance-text.php
  ❌ ISSUES FOUND (1):
    • Early output at line 106 before headers

📄 Analyzing: license-validate-v2.php
  ❌ ISSUES FOUND (2):
    • Early output at line 419 before headers
    • Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📄 Analyzing: license-validate.php
  ❌ ISSUES FOUND (2):
    • Early output at line 257 before headers
    • Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📄 Analyzing: create-checkout.php
  ❌ ISSUES FOUND (1):
    • Early output at line 378 before headers

📄 Analyzing: checkout.php
  ❌ ISSUES FOUND (2):
    • Early output at line 130 before headers
    • Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📄 Analyzing: admin-data.php
  ❌ ISSUES FOUND (1):
    • Early output at line 52 before headers

📄 Analyzing: admin-activity.php
  ❌ ISSUES FOUND (3):
    • Early output at line 164 before headers
    • Direct getallheaders() usage at line 36 (may fail in some environments)
    • Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📄 Analyzing: admin-licenses.php
  ❌ ISSUES FOUND (3):
    • Early output at line 731 before headers
    • Direct getallheaders() usage at line 544 (may fail in some environments)
    • Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📄 Analyzing: payfast-webhook.php
  ❌ ISSUES FOUND (2):
    • Early output at line 239 before headers
    • Direct getallheaders() usage at line 63 (may fail in some environments)

📄 Analyzing: lemonsqueezy-webhook.php
  ❌ ISSUES FOUND (1):
    • Early output at line 70 before headers

📄 Analyzing: appsumo-webhook.php
  ❌ ISSUES FOUND (2):
    • Early output at line 259 before headers
    • Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📄 Analyzing: server-health.php
  ❌ ISSUES FOUND (3):
    • Early output at line 170 before headers
    • Direct getallheaders() usage at line 21 (may fail in some environments)
    • Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📄 Analyzing: ai-status.php
  ❌ ISSUES FOUND (2):
    • Early output at line 41 before headers
    • Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📄 Analyzing: generate-license.php
  ❌ ISSUES FOUND (2):
    • Early output at line 180 before headers
    • Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📊 AUDIT RESULTS SUMMARY
========================
Total files analyzed: 15
✅ Files without issues: 0
❌ Files with issues: 15

🚨 CRITICAL ISSUES REQUIRING IMMEDIATE FIX:
============================================
📁 enhance-text-cached.php:
   ❌ Early output at line 232 before headers
   ❌ Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📁 enhance-text.php:
   ❌ Early output at line 106 before headers

📁 license-validate-v2.php:
   ❌ Early output at line 419 before headers
   ❌ Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📁 license-validate.php:
   ❌ Early output at line 257 before headers
   ❌ Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📁 create-checkout.php:
   ❌ Early output at line 378 before headers

📁 checkout.php:
   ❌ Early output at line 130 before headers
   ❌ Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📁 admin-data.php:
   ❌ Early output at line 52 before headers

📁 admin-activity.php:
   ❌ Early output at line 164 before headers
   ❌ Direct getallheaders() usage at line 36 (may fail in some environments)
   ❌ Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📁 admin-licenses.php:
   ❌ Early output at line 731 before headers
   ❌ Direct getallheaders() usage at line 544 (may fail in some environments)
   ❌ Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📁 payfast-webhook.php:
   ❌ Early output at line 239 before headers
   ❌ Direct getallheaders() usage at line 63 (may fail in some environments)

📁 lemonsqueezy-webhook.php:
   ❌ Early output at line 70 before headers

📁 appsumo-webhook.php:
   ❌ Early output at line 259 before headers
   ❌ Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📁 server-health.php:
   ❌ Early output at line 170 before headers
   ❌ Direct getallheaders() usage at line 21 (may fail in some environments)
   ❌ Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📁 ai-status.php:
   ❌ Early output at line 41 before headers
   ❌ Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

📁 generate-license.php:
   ❌ Early output at line 180 before headers
   ❌ Unsafe $_SERVER['REQUEST_METHOD'] access without isset() check

💊 RECOMMENDED FIXES:
====================
1. Move CorsConfig::apply() to FIRST line after <?php
2. Remove manual CORS headers (let CorsConfig handle them)
3. Replace getallheaders() with safe alternatives
4. Add isset() checks for $_SERVER variables
5. Ensure no output before headers

🔧 Auto-fix available: Run fix-all-cors-issues.php

📱 MOBILE APP IMPACT:
Files with header issues will cause mobile app API failures
Priority fix order: license-validate, enhance-text, checkout endpoints