/**
* Render an exception into an HTTP response.
*
* @param \Illuminate\Http\Request $request
* @param \Exception $e
* @return \Illuminate\Http\Response
*/
public function render($request, Exception $e)
{
if ($e instanceof ModelNotFoundException) {
$e = new NotFoundHttpException($e->getMessage(), $e);
} elseif ($e instanceof OAuthException) {
$response = response()->json(['error' => $e->errorType, 'error_description' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders());
return $this->corsService->addActualRequestHeaders($response, $request);
}
return parent::render($request, $e);
}
/**
* Handle an incoming request. Based on Asm89\Stack\Cors by asm89.
*
* @see https://github.com/asm89/stack-cors/blob/master/src/Asm89/Stack/Cors.php
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->isSameDomain($request) || !$this->cors->isCorsRequest($request)) {
return $next($request);
}
if (!$this->cors->isActualRequestAllowed($request)) {
abort(403);
}
/** @var \Illuminate\Http\Response $response */
$response = $next($request);
return $this->cors->addActualRequestHeaders($response, $request);
}
/**
* Handle an incoming request. Based on Asm89\Stack\Cors by asm89
* @see https://github.com/asm89/stack-cors/blob/master/src/Asm89/Stack/Cors.php
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($this->isSameDomain($request) || !$this->cors->isCorsRequest($request)) {
return $next($request);
}
if (!$this->cors->isActualRequestAllowed($request)) {
abort(403);
}
try {
/** @var \Illuminate\Http\Response $response */
$response = $next($request);
} catch (\Exception $e) {
$this->exceptionHandler->report($e);
$response = $this->exceptionHandler->render($request, $e);
}
return $this->cors->addActualRequestHeaders($response, $request);
}
/**
* @param Application $app
*/
public function boot(Application $app)
{
$options = $this->options;
$cors = new CorsService($options);
// handle OPTIONS preflight request if necessary
$app->before(function (Request $request) use($app, $cors, $options) {
if (!$cors->isCorsRequest($request)) {
return;
}
if ($cors->isPreflightRequest($request)) {
$response = $cors->handlePreflightRequest($request);
$denied_codes = array(Response::HTTP_METHOD_NOT_ALLOWED, Response::HTTP_FORBIDDEN);
$is_denied = in_array($response->getStatusCode(), $denied_codes);
if ($is_denied && !empty($options['denied_reponse_class'])) {
$response = new $options['denied_reponse_class']($response->getContent(), $response->getStatusCode(), $response->headers->all());
}
return $response;
}
if (!$cors->isActualRequestAllowed($request)) {
if (!empty($options['denied_reponse_class'])) {
$response = new $options['denied_reponse_class']('Not allowed', 403);
} else {
$response = new Response('Not allowed.', 403);
}
return $response;
}
}, Application::EARLY_EVENT);
// when the response is sent back, add CORS headers if necessary
$app->after(function (Request $request, Response $response) use($cors) {
if (!$cors->isCorsRequest($request)) {
return;
}
$cors->addActualRequestHeaders($response, $request);
});
}
/**
* Set the cors headers
*
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Http\Response $response
* @return void
*/
protected function setCorsHeaders($request, $response)
{
$allowedHeaders = explode(",", $this->allowedHeaders);
$allowedMethods = explode(",", $this->allowedMethods);
$allowedOrigins = explode(",", $this->allowedOrigins);
if ($this->exposedHeaders != false) {
$exposedHeaders = explode(",", $this->exposedHeaders);
} else {
$exposedHeaders = false;
}
if ($this->maxAge != false) {
$maxAge = explode(",", $this->maxAge);
} else {
$maxAge = false;
}
if ($this->supportsCredentials != false) {
$supportsCredentials = explode(",", $this->supportsCredentials);
} else {
$supportsCredentials = false;
}
$cors = new CorsService(array('allowedHeaders' => $allowedHeaders, 'allowedMethods' => $allowedMethods, 'allowedOrigins' => $allowedOrigins, 'exposedHeaders' => $exposedHeaders, 'maxAge' => $maxAge, 'supportsCredentials' => $supportsCredentials));
$cors->addActualRequestHeaders($response, $request);
$preflight = $cors->handlePreflightRequest($request);
$cors->isActualRequestAllowed($request);
$cors->isCorsRequest($request);
$cors->isPreflightRequest($request);
$response->headers->add($preflight->headers->all());
return $response;
}
public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
{
if (!$this->cors->isCorsRequest($request)) {
return $this->app->handle($request, $type, $catch);
}
if ($this->cors->isPreflightRequest($request)) {
return $this->cors->handlePreflightRequest($request);
}
if (!$this->cors->isActualRequestAllowed($request)) {
return new Response('Not allowed.', 403);
}
$response = $this->app->handle($request, $type, $catch);
return $this->cors->addActualRequestHeaders($response, $request);
}
/**
* @test
*/
public function it_does_not_modify_request_with_origin_not_allowed()
{
$passedOptions = array('allowedOrigins' => array('notlocalhost'));
$service = new CorsService($passedOptions);
$request = $this->createValidActualRequest();
$response = new Response();
$service->addActualRequestHeaders($response, $request);
$this->assertEquals($response, new Response());
}
