/**
* Add the CORS headers to the response.
*
* @return void
*/
public function addCorsHeaders()
{
if (isset($this->_corsConfig['origin'])) {
Utils::header("Access-Control-Allow-Origin: " . $this->_corsConfig['origin']);
} else {
Utils::header("Access-Control-Allow-Origin: '*'");
}
if (isset($this->_corsConfig['allowCredentials'])) {
Utils::header("Access-Control-Allow-Credentials: " . $this->_corsConfig['allowCredentials']);
} else {
Utils::header('Access-Control-Allow-Credentials: true');
}
if (isset($this->_corsConfig['maxAge'])) {
Utils::header("Access-Control-Max-Age: " . $this->_corsConfig['maxAge']);
} else {
Utils::header('Access-Control-Max-Age: 86400');
// cache for 1 day
}
// Access-Control headers are sent during OPTIONS requests
if ($this->_requestMethod == 'OPTIONS') {
if (isset($this->_corsConfig['methods'])) {
Utils::header("Access-Control-Allow-Methods: " . $this->_corsConfig['methods']);
} else {
Utils::header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
}
if (isset($this->_corsConfig['allowHeaders'])) {
Utils::header("Access-Control-Allow-Headers: " . $this->_corsConfig['allowHeaders']);
} else {
Utils::header('Access-Control-Allow-Headers: X-Requested-With');
}
}
}
