public function testReturnNullForUnknownOrigin()
{
$request = new HttpRequest();
$request->getHeaders()->addHeaderLine('Origin', 'http://unauthorized-origin.com');
$response = $this->corsService->createPreflightCorsResponse($request);
$headers = $response->getHeaders();
$this->assertEquals('null', $headers->get('Access-Control-Allow-Origin')->getFieldValue());
}
/**
* Handle a CORS preflight request
*
* @param MvcEvent $event
* @return null|HttpResponse
*/
public function onCorsPreflight(MvcEvent $event)
{
// Reset state flag
$this->isPreflight = false;
/** @var $request HttpRequest */
$request = $event->getRequest();
if (!$request instanceof HttpRequest || !$this->corsService->isCorsRequest($request)) {
return;
}
// If this isn't a preflight, done
if (!$this->corsService->isPreflightRequest($request)) {
return;
}
// Preflight -- return a response now!
$this->isPreflight = true;
return $this->corsService->createPreflightCorsResponse($request);
}
