/**
 * Applies the CORS policy of this object to a request and fills in the response.
 *
 * Same-origin requests are ignored. For a preflight request the requested
 * method and every requested header must be allowed; the response then echoes
 * only what was asked for, not the whole allow-list. The origin check runs for
 * preflight and actual requests alike.
 *
 * Security notes:
 * - The exception messages embed the client-supplied method, header name and
 *   origin verbatim. Encode them before writing them to a log or a page.
 * - For a preflight request the response already carries the preflight fields
 *   when the origin check throws, so a caller that catches the exception
 *   should not send that response.
 *
 * @param Request $request Access control request to process
 * @param Response $response Response that receives the access control values
 * @return void
 * @throws Exception\AccessDeniedException If access is not allowed
 */
public function processRequest(Request $request, Response $response)
{
    if (!$request->isCrossOrigin()) {
        return;
    }

    if ($request->isPreflight()) {
        $requestedMethod = $request->getRequestMethod();
        if (!$requestedMethod) {
            throw new Exception\AccessDeniedException('Missing request method', 1413983849);
        }
        if (!$this->isMethodAllowed($requestedMethod)) {
            throw new Exception\AccessDeniedException('Request method "' . $requestedMethod . '" not allowed', 1413983927);
        }

        // Reject the whole preflight on the first header that is not allowed.
        $requestedHeaders = $request->getRequestHeaders();
        foreach ($requestedHeaders as $headerName) {
            if (!$this->isHeaderAllowed($headerName)) {
                throw new Exception\AccessDeniedException('Request header "' . $headerName . '" not allowed', 1413988013);
            }
        }

        // Everything requested was validated above, so it is safe to echo it back.
        $response->setPreflight(TRUE);
        $response->setAllowedMethods([$requestedMethod]);
        $response->setAllowedHeaders($requestedHeaders);
        $response->setMaximumAge($this->getMaximumAge());
    }

    // Serialize the origin as scheme://host[:port] for the allow-list lookup.
    $origin = $request->getOrigin();
    $originUri = $origin->getScheme() . '://' . $origin->getHostname();
    $originPort = $origin->getPort();
    if ($originPort) {
        $originUri .= ':' . $originPort;
    }

    // Browsers refuse "Access-Control-Allow-Origin: *" on credentialed requests,
    // so the wildcard is only answered when the request carries no credentials.
    // NOTE(review): how hasCredentials() detects credentials is not visible here;
    // a preflight normally carries none, so confirm what a preflight gets when
    // the actual request will be credentialed.
    if ($this->isOriginUriAllowed('*') && !$request->hasCredentials()) {
        $grantedOrigin = '*';
    } elseif ($this->isOriginUriAllowed($originUri)) {
        // The origin is echoed only after it matched the allow-list.
        // NOTE(review): the response now depends on the Origin header; confirm
        // that "Vary: Origin" is emitted elsewhere so shared caches keep the
        // per-origin responses apart.
        $grantedOrigin = $originUri;
    } else {
        throw new Exception\AccessDeniedException('Access not allowed for origin "' . $originUri . '"', 1413983266);
    }
    $response->setAllowedOrigin($grantedOrigin);

    // The credentials flag is only set when the request actually carries credentials.
    if ($request->hasCredentials()) {
        $response->setAllowCredentials($this->getAllowCredentials());
    }

    $response->setExposedHeaders($this->getExposedHeaders());
}