Esempio n. 1
 /**
  * @inheritdoc
  *
  * Classifies the request against the CORS resource processing model. Every check below returns
  * early with a result built by createResult(); only a request whose origin passed
  * isRequestOriginAllowed() reaches the pre-flight / actual-request handlers.
  *
  * This method only produces a classification and does not itself reject anything, so the caller
  * must act on the ERR_* results. TYPE_REQUEST_OUT_OF_CORS_SCOPE means "CORS does not apply",
  * not "request is authorized".
  *
  * @see http://www.w3.org/TR/cors/#resource-processing-model
  */
 public function analyze(RequestInterface $request)
 {
     $server = $this->factory->createParsedUrl($this->strategy->getServerOrigin());

     // Optional 'Host' check, enabled by the strategy. The same error code is returned
     // whenever isSameHost() reports a mismatch with the configured server origin.
     if ($this->strategy->isCheckHost() === true) {
         if ($this->isSameHost($request, $server) === false) {
             return $this->createResult(AnalysisResultInterface::ERR_NO_HOST_HEADER);
         }
     }

     // Common part of both handlers (#6.1.1 - #6.1.2 and #6.2.1 - #6.2.2).
     // #6.1.1 and #6.2.1: no origin, or an origin that is not cross-origin relative to the
     // server, takes the request out of CORS scope. The origin comes from the request, so this
     // outcome must not be treated as proof of a same-origin caller.
     $origin = $this->getOrigin($request);
     $isCors = $origin !== null && $this->isCrossOrigin($origin, $server) !== false;
     if (!$isCors) {
         return $this->createResult(AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE);
     }

     // #6.1.2 and #6.2.2: the allow-list decision is delegated to the strategy.
     if ($this->strategy->isRequestOriginAllowed($origin) === false) {
         return $this->createResult(AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED);
     }

     // From here the handlers diverge:
     // - simple CORS and actual CORS request (#6.1.3 - #6.1.4)
     // - pre-flight request (#6.2.3 - #6.2.10)
     return $request->getMethod() === self::PRE_FLIGHT_METHOD
         ? $this->analyzeAsPreFlight($request, $origin)
         : $this->analyzeAsRequest($request, $origin);
 }
Esempio n. 2
 /**
  * Classifies the request against the CORS processing steps and logs why a request was
  * rejected or left out of CORS scope.
  *
  * Checks run in a fixed order: optional Host check, CORS-scope check on the request origin,
  * allowed-origin check, then dispatch to the pre-flight or actual-request handler. The method
  * only returns a classification; enforcing an ERR_* result is left to the caller.
  *
  * Host and origin values are taken from the request and are passed to the logger as context
  * entries, not concatenated into the message text.
  * NOTE(review): how the logger renders context values is not visible here - confirm it
  * escapes them before relying on these logs.
  *
  * @param RequestInterface $request Request to classify.
  *
  * @return AnalysisResultInterface Result built by createResult() or by one of the handlers.
  */
 protected function analyzeImplementation(RequestInterface $request)
 {
     $server = $this->factory->createParsedUrl($this->strategy->getServerOrigin());

     // Optional 'Host' check, enabled by the strategy.
     if ($this->strategy->isCheckHost() === true) {
         if ($this->isSameHost($request, $server) === false) {
             $this->logInfo(
                 'Host header in request either absent or do not match server origin. '
                 . 'Check config settings for Server Origin and Host Check.',
                 ['host' => $this->getRequestHostHeader($request), 'server' => $server]
             );

             return $this->createResult(AnalysisResultInterface::ERR_NO_HOST_HEADER);
         }
     }

     // Common part of both handlers (#6.1.1 - #6.1.2 and #6.2.1 - #6.2.2).
     // #6.1.1 and #6.2.1: no origin, or an origin that is not cross-origin relative to the
     // server, takes the request out of CORS scope. That is a classification, not an
     // authorization decision.
     $origin = $this->getOrigin($request);
     $isCors = $origin !== null && $this->isCrossOrigin($origin, $server) !== false;
     if (!$isCors) {
         $this->logDebug(
             'Request is not CORS (request origin is empty or equals to server one). '
             . 'Check config settings for Server Origin.',
             ['request' => $origin, 'server' => $server]
         );

         return $this->createResult(AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE);
     }

     // #6.1.2 and #6.2.2: the allow-list decision is delegated to the strategy.
     if ($this->strategy->isRequestOriginAllowed($origin) === false) {
         $this->logInfo(
             'Request origin is not allowed. Check config settings for Allowed Origins.',
             ['origin' => $origin]
         );

         return $this->createResult(AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED);
     }

     // From here the handlers diverge:
     // - simple CORS and actual CORS request (#6.1.3 - #6.1.4)
     // - pre-flight request (#6.2.3 - #6.2.10)
     return $request->getMethod() === self::PRE_FLIGHT_METHOD
         ? $this->analyzeAsPreFlight($request, $origin)
         : $this->analyzeAsRequest($request, $origin);
 }