/**
 * Render an exception into an HTTP response.
 *
 * A ModelNotFoundException is re-wrapped as a NotFoundHttpException (same
 * message, original kept as the previous exception) and handed to the parent
 * renderer. An OAuthException is answered directly with a JSON error body,
 * and that response is passed through the CORS service before it is returned.
 * Every other exception goes to the parent renderer unchanged.
 *
 * NOTE(review): the OAuth branch returns $e->getMessage() to the client
 * verbatim as "error_description"; confirm OAuthException messages never
 * carry internal detail.
 * NOTE(review): addActualRequestHeaders() is called here without a preceding
 * isCorsRequest() check; confirm the service leaves non-CORS or disallowed
 * requests untouched.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Exception  $e
 * @return \Illuminate\Http\Response
 */
public function render($request, Exception $e)
{
    if ($e instanceof ModelNotFoundException) {
        // Surface a missing model as a plain HTTP 404 while keeping the cause chained.
        $notFound = new NotFoundHttpException($e->getMessage(), $e);

        return parent::render($request, $notFound);
    }

    if ($e instanceof OAuthException) {
        $payload = [
            'error' => $e->errorType,
            'error_description' => $e->getMessage(),
        ];
        $oauthResponse = response()->json($payload, $e->httpStatusCode, $e->getHttpHeaders());

        // This response is built here, so the CORS headers are attached here too.
        return $this->corsService->addActualRequestHeaders($oauthResponse, $request);
    }

    return parent::render($request, $e);
}
/**
 * Handle an incoming request. Based on Asm89\Stack\Cors by asm89.
 *
 * Requests that are same-domain, or that the CORS service does not classify
 * as CORS requests, go straight to the next handler. A CORS request the
 * service does not allow is stopped with abort(403) before the next handler
 * runs. Allowed requests are forwarded and the CORS headers are added to the
 * resulting response.
 *
 * NOTE(review): isSameDomain() is defined outside this block. A true result
 * skips the origin policy check entirely, so verify what it bases that
 * decision on.
 * NOTE(review): there is no try/catch around $next($request); if it throws,
 * addActualRequestHeaders() is never reached in this method.
 *
 * @see https://github.com/asm89/stack-cors/blob/master/src/Asm89/Stack/Cors.php
 *
 * @param \Illuminate\Http\Request $request
 * @param \Closure                 $next
 *
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // Same short-circuit order as "same domain OR not CORS": the CORS check
    // is only evaluated when the request is not same-domain.
    $subjectToCors = !$this->isSameDomain($request) && $this->cors->isCorsRequest($request);

    if (!$subjectToCors) {
        return $next($request);
    }

    $allowed = $this->cors->isActualRequestAllowed($request);
    if (!$allowed) {
        abort(403);
    }

    /** @var \Illuminate\Http\Response $downstream */
    $downstream = $next($request);

    return $this->cors->addActualRequestHeaders($downstream, $request);
}
/**
 * Handle an incoming request. Based on Asm89\Stack\Cors by asm89
 * @see https://github.com/asm89/stack-cors/blob/master/src/Asm89/Stack/Cors.php
 *
 * Same-domain and non-CORS requests are passed through untouched. A CORS
 * request the service does not allow is stopped with abort(403). For an
 * allowed request, an exception thrown downstream is reported and rendered
 * by the exception handler right here, so the rendered error response also
 * passes through addActualRequestHeaders().
 *
 * NOTE(review): only \Exception is caught; a thrown \Error is not handled by
 * this block and propagates without CORS headers being added here.
 * NOTE(review): isSameDomain() is defined outside this block. A true result
 * skips the origin policy check entirely, so verify what it bases that
 * decision on.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    // The CORS check is only evaluated when the request is not same-domain.
    $subjectToCors = !$this->isSameDomain($request) && $this->cors->isCorsRequest($request);

    if (!$subjectToCors) {
        return $next($request);
    }

    $allowed = $this->cors->isActualRequestAllowed($request);
    if (!$allowed) {
        abort(403);
    }

    try {
        /** @var \Illuminate\Http\Response $result */
        $result = $next($request);
    } catch (\Exception $failure) {
        // Report first, then render, so the error response is decorated below.
        $this->exceptionHandler->report($failure);
        $result = $this->exceptionHandler->render($request, $failure);
    }

    return $this->cors->addActualRequestHeaders($result, $request);
}
/**
 * Register the CORS hooks on the application.
 *
 * A "before" hook (registered with Application::EARLY_EVENT) answers
 * preflight requests itself and rejects actual requests the service does not
 * allow; an "after" hook adds the CORS headers to responses of CORS requests.
 *
 * The optional 'denied_reponse_class' option (spelled exactly like that)
 * names a class used instead of the default response for denials. It is
 * instantiated with `new`, so it must come from trusted configuration only.
 *
 * NOTE(review): the two denial bodies differ ('Not allowed' for the custom
 * class, 'Not allowed.' for the default Response); confirm this is intended.
 *
 * @param Application $app
 */
public function boot(Application $app)
{
    $options = $this->options;
    $cors = new CorsService($options);

    // Before: answer preflights and reject disallowed actual requests.
    $app->before(function (Request $request) use ($app, $cors, $options) {
        if (!$cors->isCorsRequest($request)) {
            return;
        }

        if ($cors->isPreflightRequest($request)) {
            $preflight = $cors->handlePreflightRequest($request);
            $rejected = in_array(
                $preflight->getStatusCode(),
                array(Response::HTTP_METHOD_NOT_ALLOWED, Response::HTTP_FORBIDDEN)
            );

            if (!$rejected || empty($options['denied_reponse_class'])) {
                return $preflight;
            }

            // Re-wrap the service's 403/405 in the configured class, keeping
            // its content, status code and headers.
            $deniedClass = $options['denied_reponse_class'];

            return new $deniedClass(
                $preflight->getContent(),
                $preflight->getStatusCode(),
                $preflight->headers->all()
            );
        }

        if ($cors->isActualRequestAllowed($request)) {
            // Allowed: return nothing so the request continues.
            return;
        }

        if (empty($options['denied_reponse_class'])) {
            return new Response('Not allowed.', 403);
        }

        $deniedClass = $options['denied_reponse_class'];

        return new $deniedClass('Not allowed', 403);
    }, Application::EARLY_EVENT);

    // After: add the CORS headers to responses of CORS requests.
    $app->after(function (Request $request, Response $response) use ($cors) {
        if ($cors->isCorsRequest($request)) {
            $cors->addActualRequestHeaders($response, $request);
        }
    });
}
/**
 * Set the cors headers
 *
 * Builds a CorsService from the comma-separated settings held on this
 * object, applies the actual-request headers to the response, then merges
 * the headers of the service's preflight response into it as well.
 *
 * NOTE(review): maxAge and supportsCredentials are split into arrays exactly
 * like the header lists. Any value that loosely compares != false is
 * exploded, so a string such as "false" becomes array("false"), which is
 * truthy. Confirm how these properties are populated and what CorsService
 * expects for them.
 * NOTE(review): the return values of isActualRequestAllowed(),
 * isCorsRequest() and isPreflightRequest() are discarded, so nothing in this
 * method branches on the request being allowed or being a preflight; the
 * preflight headers are merged for every request. Confirm this is intended.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Illuminate\Http\Response  $response
 * @return \Illuminate\Http\Response  the same response instance that was passed in
 */
protected function setCorsHeaders($request, $response)
{
    // Optional settings: split on commas unless the value loosely equals false.
    $splitUnlessFalse = function ($setting) {
        return $setting != false ? explode(",", $setting) : false;
    };

    $service = new CorsService(array(
        'allowedHeaders' => explode(",", $this->allowedHeaders),
        'allowedMethods' => explode(",", $this->allowedMethods),
        'allowedOrigins' => explode(",", $this->allowedOrigins),
        'exposedHeaders' => $splitUnlessFalse($this->exposedHeaders),
        'maxAge' => $splitUnlessFalse($this->maxAge),
        'supportsCredentials' => $splitUnlessFalse($this->supportsCredentials),
    ));

    $service->addActualRequestHeaders($response, $request);
    $preflightResponse = $service->handlePreflightRequest($request);

    // Called as in the original; their results are not used.
    $service->isActualRequestAllowed($request);
    $service->isCorsRequest($request);
    $service->isPreflightRequest($request);

    $response->headers->add($preflightResponse->headers->all());

    return $response;
}
/**
 * Apply the CORS policy around the wrapped application.
 *
 * Non-CORS requests are delegated unchanged. A preflight request is answered
 * by the CORS service and never reaches the wrapped application. An actual
 * request the service does not allow gets a 403 'Not allowed.' response,
 * also without reaching the application. Allowed requests are delegated and
 * the CORS headers are added to the application's response.
 *
 * @param Request $request
 * @param int     $type
 * @param bool    $catch
 *
 * @return Response
 */
public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
{
    $cors = $this->cors;

    if ($cors->isCorsRequest($request)) {
        if ($cors->isPreflightRequest($request)) {
            return $cors->handlePreflightRequest($request);
        }

        if (!$cors->isActualRequestAllowed($request)) {
            // Rejected before the wrapped application sees the request.
            return new Response('Not allowed.', 403);
        }

        $appResponse = $this->app->handle($request, $type, $catch);

        return $cors->addActualRequestHeaders($appResponse, $request);
    }

    return $this->app->handle($request, $type, $catch);
}
/**
 * With only 'notlocalhost' in allowedOrigins, addActualRequestHeaders() must
 * leave the response untouched: it is compared against a freshly built
 * Response, so any added header makes the assertion fail.
 *
 * @test
 */
public function it_does_not_modify_request_with_origin_not_allowed()
{
    $restrictive = new CorsService(array(
        'allowedOrigins' => array('notlocalhost'),
    ));
    $actualRequest = $this->createValidActualRequest();
    $candidate = new Response();

    $restrictive->addActualRequestHeaders($candidate, $actualRequest);

    $this->assertEquals($candidate, new Response());
}