/** * Render an exception into an HTTP response. * * @param \Illuminate\Http\Request $request * @param \Exception $e * @return \Illuminate\Http\Response */ public function render($request, Exception $e) { if ($e instanceof ModelNotFoundException) { $e = new NotFoundHttpException($e->getMessage(), $e); } elseif ($e instanceof OAuthException) { $response = response()->json(['error' => $e->errorType, 'error_description' => $e->getMessage()], $e->httpStatusCode, $e->getHttpHeaders()); return $this->corsService->addActualRequestHeaders($response, $request); } return parent::render($request, $e); }
/** * Handle an incoming request. Based on Asm89\Stack\Cors by asm89 * @see https://github.com/asm89/stack-cors/blob/master/src/Asm89/Stack/Cors.php * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { if (!$this->cors->isCorsRequest($request)) { return $next($request); } if (!$this->cors->isActualRequestAllowed($request)) { abort(403); } /** @var \Illuminate\Http\Response $response */ $response = $next($request); return $this->cors->addActualRequestHeaders($response, $request); }
/** * @test */ public function it_does_not_modify_request_with_origin_not_allowed() { $passedOptions = array('allowedOrigins' => array('notlocalhost')); $service = new CorsService($passedOptions); $request = $this->createValidActualRequest(); $response = new Response(); $service->addActualRequestHeaders($response, $request); $this->assertEquals($response, new Response()); }