Example #1
 /**
  * Applies the access control (CORS) policy to a request and records the
  * outcome on the given response.
  *
  * Requests that are not cross-origin are left untouched. For a preflight,
  * the requested method and every requested header must pass
  * isMethodAllowed() / isHeaderAllowed() before the preflight details are
  * written to the response. The allowed origin is then resolved: the
  * wildcard is only handed out when '*' is permitted and the request has no
  * credentials; in every other case the concrete origin URI must be
  * permitted itself.
  *
  * The exception messages embed the method, header and origin values read
  * from the request. NOTE(review): these are presumably client-supplied, so
  * callers that log or render the messages should treat them as untrusted.
  *
  * @param Request $request Access control request to process
  * @param Response $response Response object that receives the resulting policy
  * @return void
  * @throws Exception\AccessDeniedException If the method, a header or the origin is not allowed
  */
 public function processRequest(Request $request, Response $response)
 {
     // Nothing to decide for same-origin traffic.
     if (!$request->isCrossOrigin()) {
         return;
     }

     if ($request->isPreflight()) {
         $requestedMethod = $request->getRequestMethod();
         if (!$requestedMethod) {
             throw new Exception\AccessDeniedException('Missing request method', 1413983849);
         }
         if (!$this->isMethodAllowed($requestedMethod)) {
             throw new Exception\AccessDeniedException('Request method "' . $requestedMethod . '" not allowed', 1413983927);
         }

         // Every requested header is checked before any of them is echoed back.
         $requestedHeaders = $request->getRequestHeaders();
         foreach ($requestedHeaders as $headerName) {
             if (!$this->isHeaderAllowed($headerName)) {
                 throw new Exception\AccessDeniedException('Request header "' . $headerName . '" not allowed', 1413988013);
             }
         }

         // Only the method and headers actually asked for are advertised,
         // not the full configured allow-lists.
         $response->setPreflight(true);
         $response->setAllowedMethods([$requestedMethod]);
         $response->setAllowedHeaders($requestedHeaders);
         $response->setMaximumAge($this->getMaximumAge());
     }

     // Rebuild the origin as scheme://host[:port] for comparison with the policy.
     $origin = $request->getOrigin();
     $originUri = $origin->getScheme() . '://' . $origin->getHostname();
     $port = $origin->getPort();
     if ($port) {
         $originUri .= ':' . $port;
     }

     if ($this->isOriginUriAllowed('*') && !$request->hasCredentials()) {
         // The wildcard is never combined with credentials.
         $response->setAllowedOrigin('*');
     } else {
         // NOTE(review): a credentialed request reaches this branch even when
         // '*' is configured. Confirm isOriginUriAllowed() matches the concrete
         // origin exactly here; if a configured '*' matched every origin, any
         // origin would be echoed back together with the credentials flag.
         if (!$this->isOriginUriAllowed($originUri)) {
             throw new Exception\AccessDeniedException('Access not allowed for origin "' . $originUri . '"', 1413983266);
         }
         // NOTE(review): the response now depends on the request origin; confirm
         // that "Vary: Origin" is emitted elsewhere so shared caches do not
         // reuse it for a different origin.
         $response->setAllowedOrigin($originUri);
     }

     // NOTE(review): how hasCredentials() is derived is not visible here;
     // browsers send preflights without credentials, so confirm the flag is
     // still set as intended on the preflight response.
     if ($request->hasCredentials()) {
         $response->setAllowCredentials($this->getAllowCredentials());
     }

     $response->setExposedHeaders($this->getExposedHeaders());
 }