public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
$cors = $this->analyzer->analyze($request);
switch ($cors->getRequestType()) {
case AnalysisResultInterface::ERR_NO_HOST_HEADER:
case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
return $response->withStatus(403);
case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
return $next($request, $response);
case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
foreach ($cors->getResponseHeaders() as $name => $value) {
$response = $response->withHeader($name, $value);
}
return $response->withStatus(200);
default:
foreach ($cors->getResponseHeaders() as $name => $value) {
$response = $response->withHeader($name, $value);
}
return $next($request, $response);
}
}
/**
* This method saves analysis result in Illuminate Container for
* using it in other parts of the application (e.g. in exception handler).
*
* @param Request $request
*
* @return AnalysisResultInterface
*/
protected function getCorsAnalysis(Request $request)
{
$analysis = $this->analyzer->analyze($this->getRequestAdapter($request));
$this->container->instance(AnalysisResultInterface::class, $analysis);
return $analysis;
}