Ejemplo n.º 1
0
 /**
  * Invokable class
  *
  * @param Psr\Http\Message\ServerRequestInterface $request
  * @param Psr\Http\Message\ResponseInterface      $response
  * @param callable                                $next
  * @return Psr\Http\Message\ResponseInterface
  */
 public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
 {
     // Build CorsRequest from PSR-7 request
     $corsRequest = $this->buildCorsRequest($request);
     // If NOT preflight request; perform $next action and collect response
     if (!$corsRequest->isPreflight()) {
         $response = $next($request, $response);
     }
     // Process CorsRequest
     $corsResponse = $this->cors->process($corsRequest);
     // Apply CORS response parameters to PSR-7 response
     $response = $this->applyResponseParams($corsResponse, $response);
     return $response;
 }
Ejemplo n.º 2
0
 /**
  * Handle CORS request
  *
  * @param  Illuminate\Http\Request  $request
  * @param  Closure $next
  * @return Illuminate\Http\Response
  */
 public function handle(Request $request, Closure $next)
 {
     // Build CorsRequest from Illuminate Request
     $corsRequest = $this->buildCorsRequest($request);
     // If preflight request; skip $next action and build new response
     if ($corsRequest->isPreflight()) {
         $response = new Response();
     } else {
         $response = $next($request);
     }
     // Process CorsRequest
     $corsResponse = $this->cors->process($corsRequest);
     // Apply CORS response parameters to Illuminate Response
     $response = $this->applyResponseParams($corsResponse, $response);
     return $response;
 }
Ejemplo n.º 3
0
 /**
  * CORS:
  * - allowOrigins: http://example.com
  * - allowHeaders: Authorization, Content-Type
  * Preflight request:
  * - Access-Control-Request-Method: GET
  * - Access-Control-Request-Headers: Accept, Accept-Language, Authorization, Content-Language, Content-Type
  * - Origin: http://example.com
  * Result:
  * - Contains access-control-allow-origin key, with allowed origin as value
  * - Contains access-control-allow-headers key, with allowed headers as value
  */
 public function test_section_6_2_10_not_simple()
 {
     $cors = new CorsService(['allowOrigins' => ['http://example.com'], 'allowHeaders' => ['Authorization', 'Content-Type']]);
     $result = $cors->process((new CorsRequest())->setMethod('OPTIONS')->setAccessControlRequestMethod('GET')->setAccessControlRequestHeaders(['Accept', 'Authorization', 'Content-Type'])->setOrigin('http://example.com'));
     $this->assertEquals(['access-control-allow-origin' => 'http://example.com', 'access-control-allow-headers' => ['Authorization', 'Content-Type']], $result);
 }