public function onKernelRequest(GetResponseEvent $event)
{
if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
return;
}
$request = $event->getRequest();
// skip if not a CORS request
if (!$request->headers->has('Origin') || $request->headers->get('Origin') == $request->getSchemeAndHttpHost()) {
return;
}
$options = $this->configurationResolver->getOptions($request);
if (!$options) {
return;
}
// perform preflight checks
if ('OPTIONS' === $request->getMethod()) {
$event->setResponse($this->getPreflightResponse($request, $options));
return;
}
if (!$this->checkOrigin($request, $options)) {
return;
}
$this->dispatcher->addListener('kernel.response', array($this, 'onKernelResponse'));
$this->options = $options;
}
public function onKernelResponse(FilterResponseEvent $event)
{
if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
return;
}
$request = $event->getRequest();
$response = $event->getResponse();
$options = $this->configurationResolver->getOptions($request);
if (!$options) {
return;
}
if ($options['allow_origin'] !== true) {
$response->setVary('Origin', false);
}
if (!$this->checkOrigin($request, $options)) {
return;
}
// add CORS response headers
$response->headers->set('Access-Control-Allow-Origin', $request->headers->get('Origin'));
if ($options['allow_credentials']) {
$response->headers->set('Access-Control-Allow-Credentials', 'true');
}
if ($options['expose_headers']) {
$response->headers->set('Access-Control-Expose-Headers', strtolower(implode(', ', $options['expose_headers'])));
}
}
