public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
{
if (!$this->cors->isCorsRequest($request)) {
return $this->app->handle($request, $type, $catch);
}
if ($this->cors->isPreflightRequest($request)) {
return $this->cors->handlePreflightRequest($request);
}
if (!$this->cors->isActualRequestAllowed($request)) {
return new Response('Not allowed.', 403);
}
$response = $this->app->handle($request, $type, $catch);
return $this->cors->addActualRequestHeaders($response, $request);
}
/**
* Set the cors headers
*
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Http\Response $response
* @return void
*/
protected function setCorsHeaders($request, $response)
{
$allowedHeaders = explode(",", $this->allowedHeaders);
$allowedMethods = explode(",", $this->allowedMethods);
$allowedOrigins = explode(",", $this->allowedOrigins);
if ($this->exposedHeaders != false) {
$exposedHeaders = explode(",", $this->exposedHeaders);
} else {
$exposedHeaders = false;
}
if ($this->maxAge != false) {
$maxAge = explode(",", $this->maxAge);
} else {
$maxAge = false;
}
if ($this->supportsCredentials != false) {
$supportsCredentials = explode(",", $this->supportsCredentials);
} else {
$supportsCredentials = false;
}
$cors = new CorsService(array('allowedHeaders' => $allowedHeaders, 'allowedMethods' => $allowedMethods, 'allowedOrigins' => $allowedOrigins, 'exposedHeaders' => $exposedHeaders, 'maxAge' => $maxAge, 'supportsCredentials' => $supportsCredentials));
$cors->addActualRequestHeaders($response, $request);
$preflight = $cors->handlePreflightRequest($request);
$cors->isActualRequestAllowed($request);
$cors->isCorsRequest($request);
$cors->isPreflightRequest($request);
$response->headers->add($preflight->headers->all());
return $response;
}
/**
* @param Application $app
*/
public function boot(Application $app)
{
$options = $this->options;
$cors = new CorsService($options);
// handle OPTIONS preflight request if necessary
$app->before(function (Request $request) use($app, $cors, $options) {
if (!$cors->isCorsRequest($request)) {
return;
}
if ($cors->isPreflightRequest($request)) {
$response = $cors->handlePreflightRequest($request);
$denied_codes = array(Response::HTTP_METHOD_NOT_ALLOWED, Response::HTTP_FORBIDDEN);
$is_denied = in_array($response->getStatusCode(), $denied_codes);
if ($is_denied && !empty($options['denied_reponse_class'])) {
$response = new $options['denied_reponse_class']($response->getContent(), $response->getStatusCode(), $response->headers->all());
}
return $response;
}
if (!$cors->isActualRequestAllowed($request)) {
if (!empty($options['denied_reponse_class'])) {
$response = new $options['denied_reponse_class']('Not allowed', 403);
} else {
$response = new Response('Not allowed.', 403);
}
return $response;
}
}, Application::EARLY_EVENT);
// when the response is sent back, add CORS headers if necessary
$app->after(function (Request $request, Response $response) use($cors) {
if (!$cors->isCorsRequest($request)) {
return;
}
$cors->addActualRequestHeaders($response, $request);
});
}
