/**
* Execute the middleware.
*
* @param ServerRequestInterface $request
* @param ResponseInterface $response
* @param callable $next
*
* @return ResponseInterface
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
if (empty($this->settings)) {
throw new RuntimeException('No SettingsStrategyInterface instance has been provided');
}
$cors = Analyzer::instance($this->settings)->analyze($request);
switch ($cors->getRequestType()) {
case AnalysisResultInterface::ERR_NO_HOST_HEADER:
case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
return $response->withStatus(403);
case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
return $next($request, $response);
case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
foreach ($cors->getResponseHeaders() as $name => $value) {
$response = $response->withHeader($name, $value);
}
return $response->withStatus(200);
default:
$response = $next($request, $response);
foreach ($cors->getResponseHeaders() as $name => $value) {
$response = $response->withHeader($name, $value);
}
return $response;
}
}
/**
* Execute the middleware.
*
* @param ServerRequestInterface $request
* @param ResponseInterface $response
* @param callable $next
*
* @return ResponseInterface
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
$settings = $this->settings ?: $this->getFromContainer(SettingsStrategyInterface::CLASS);
$cors = Analyzer::instance($settings)->analyze($request);
switch ($cors->getRequestType()) {
case AnalysisResultInterface::ERR_NO_HOST_HEADER:
case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
return $response->withStatus(403);
case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
return $next($request, $response);
case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
foreach ($cors->getResponseHeaders() as $name => $value) {
$response = $response->withHeader($name, $value);
}
return $response->withStatus(200);
default:
$response = $next($request, $response);
foreach ($cors->getResponseHeaders() as $name => $value) {
$response = $response->withHeader($name, $value);
}
return $response;
}
}
public function __construct(SettingsStrategyInterface $settings = null, LoggerInterface $logger = null)
{
$this->settings = $settings ?? new Settings();
$this->analyzer = Analyzer::instance($this->settings);
if (null !== $logger) {
$this->analyzer->setLogger($logger);
}
}
/**
* @param Container $container
*
* @return void
*
* @SuppressWarnings(PHPMD.StaticAccess)
*/
protected static function setUpCors(Container $container)
{
$container[AnalyzerInterface::class] = function (ContainerInterface $container) {
/** @var ConfigInterface $config */
$config = $container->get(ConfigInterface::class);
$appConfig = $config->getConfig(Application::class);
$strategy = new Settings($config->getConfig(Settings::class));
$analyzer = Analyzer::instance($strategy);
if ($appConfig[Application::KEY_IS_LOG_ENABLED] === true) {
$logger = $container->get(LoggerInterface::class);
$analyzer->setLogger($logger);
}
return $analyzer;
};
}
public function __invoke(RequestInterface $request, ResponseInterface $response, callable $next)
{
$analyzer = Analyzer::instance($this->buildSettings($request, $response));
if ($this->logger) {
$analyzer->setLogger($this->logger);
}
$cors = $analyzer->analyze($request);
switch ($cors->getRequestType()) {
case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
return $this->error($request, $response, ["message" => "CORS request origin is not allowed."])->withStatus(401);
case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
return $this->error($request, $response, ["message" => "CORS requested method is not supported."])->withStatus(401);
case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
return $this->error($request, $response, ["message" => "CORS requested header is not allowed."])->withStatus(401);
case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
$cors_headers = $cors->getResponseHeaders();
foreach ($cors_headers as $header => $value) {
/* Diactoros errors on integer values. */
if (false === is_array($value)) {
$value = (string) $value;
}
$response = $response->withHeader($header, $value);
}
return $response->withStatus(200);
case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
return $next($request, $response);
default:
/* Actual CORS request. */
$response = $next($request, $response);
$cors_headers = $cors->getResponseHeaders();
foreach ($cors_headers as $header => $value) {
/* Diactoros errors on integer values. */
if (false === is_array($value)) {
$value = (string) $value;
}
$response = $response->withHeader($header, $value);
}
return $response;
}
}
/**
* Set the CORS headers
*
* @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
* @param \Psr\Http\Message\ResponseInterface $response PSR7 response
* @param callable $next Next middleware
*
* @return \Psr\Http\Message\ResponseInterface
*/
private function setCORSheaders($request, $response, $next)
{
$settings = new Settings();
$settings->setServerOrigin(['scheme' => $request->getUri()->getScheme(), 'host' => $request->getUri()->getHost(), 'port' => $request->getUri()->getPort()])->setRequestCredentialsSupported(true)->setServerOrigin($request->getHeader('HTTP_ORIGIN'))->setPreFlightCacheMaxAge(86400)->setRequestAllowedMethods(['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'])->setRequestAllowedHeaders(['X-Requested-With']);
if ($request->getHeader('HTTP_ACCESS_CONTROL_REQUEST_METHOD')) {
$settings->setRequestAllowedMethods($request->getHeader('HTTP_ACCESS_CONTROL_REQUEST_METHOD'));
}
if ($request->getHeader('HTTP_ACCESS_CONTROL_REQUEST_HEADERS')) {
$settings->setRequestAllowedHeaders($request->getHeader('HTTP_ACCESS_CONTROL_REQUEST_HEADERS'));
}
$cors = Analyzer::instance($settings)->analyze($request);
switch ($cors->getRequestType()) {
case AnalysisResultInterface::ERR_NO_HOST_HEADER:
case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
return $response->withStatus(403);
case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
return $next($request, $response);
case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
foreach ($cors->getResponseHeaders() as $name => $value) {
$response = $response->withHeader($name, $value);
}
return $response->withStatus(200);
default:
$response = $next($request, $response);
foreach ($cors->getResponseHeaders() as $name => $value) {
$response = $response->withHeader($name, $value);
}
return $response;
}
}
/**
* @return Closure
*/
protected function getCreateAnalyzerClosure()
{
return function ($app) {
/** @var AnalysisStrategyInterface $strategy */
$strategy = $app[AnalysisStrategyInterface::class];
$analyzer = Analyzer::instance($strategy);
$logger = $this->getLoggerIfEnabled($app);
$logger === null ?: $analyzer->setLogger($logger);
return $analyzer;
};
}