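/**
 * Dispatch the request through the parent service and decorate the response
 * with cache-control and CORS headers.
 *
 * A PathException raised by the parent is converted into the JSON response of
 * a BadRequestException, so the client still receives a well-formed error.
 *
 * @param Request|null $request the incoming request; null is rejected
 *
 * @return mixed the response from parent::run() or from
 *               BadRequestException::getJsonResponse(), with headers added
 *
 * @throws InvalidArgumentException when no Request object is given
 */
public function run(Request $request = null)
{
    if (null === $request) {
        throw new InvalidArgumentException('must provide Request object');
    }

    try {
        $response = parent::run($request);
    } catch (PathException $e) {
        // Report the path problem to the client as a Bad Request JSON response.
        $badRequest = new BadRequestException($e->getMessage());
        $response = $badRequest->getJsonResponse();
    }

    $method = $request->getMethod();
    $origin = $request->getHeader('Origin');

    // XXX Expires should only be for successful GET??
    if ('GET' === $method) {
        $response->setHeader('Expires', 0);
        $response->setHeader('Cache-Control', 'no-cache');
    }

    // CORS
    if (null !== $origin) {
        // NOTE(review): the request's Origin is echoed back unchecked, which
        // grants every origin read access to the response. That is only
        // acceptable while no Access-Control-Allow-Credentials header is sent
        // and access is authorized by an explicit Authorization header rather
        // than ambient cookies; confirm both before changing this.
        // Shared caches should also see "Vary: Origin" on such responses. It
        // is not set here because it is not visible whether setHeader() would
        // overwrite a Vary value already set by the parent.
        $response->setHeader('Access-Control-Allow-Origin', $origin);
    } elseif (in_array($method, array('GET', 'HEAD', 'OPTIONS'), true)) {
        // The wildcard must be the bare "*" token. A value wrapped in literal
        // double quotes is not a valid Access-Control-Allow-Origin value and
        // browsers will not treat it as a wildcard.
        $response->setHeader('Access-Control-Allow-Origin', '*');
    }
    $response->setHeader('Access-Control-Expose-Headers', 'ETag, Content-Length');

    // this is only needed for OPTIONS requests
    if ('OPTIONS' === $method) {
        $response->setHeader('Access-Control-Allow-Methods', 'GET, PUT, DELETE, HEAD, OPTIONS');
        // FIXME: are Origin and X-Requested-With really needed?
        $response->setHeader(
            'Access-Control-Allow-Headers',
            'Authorization, Content-Length, Content-Type, Origin, X-Requested-With, If-Match, If-None-Match'
        );
    }

    return $response;
}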
/**
 * Dispatch the request through the parent service and, for client-error
 * responses only, add CORS and no-cache headers.
 *
 * A PathException raised by the parent is turned into the JSON response of a
 * BadRequestException.
 *
 * @param Request|null $request the incoming request; null is rejected
 *
 * @return mixed the response from parent::run() or from
 *               BadRequestException::getJsonResponse()
 *
 * @throws InvalidArgumentException when no Request object is given
 */
public function run(Request $request = null)
{
    if (null === $request) {
        throw new InvalidArgumentException('must provide Request object');
    }

    try {
        $response = parent::run($request);
    } catch (PathException $pathError) {
        $badRequest = new BadRequestException($pathError->getMessage());
        $response = $badRequest->getJsonResponse();
    }

    // Only 4xx responses are decorated here; 5xx and non-error responses are
    // returned as produced. Presumably non-error responses get their CORS
    // headers elsewhere; confirm against the handlers.
    $code = $response->getStatusCode();
    $isClientError = $code >= 400 && $code < 500;
    if ($isClientError) {
        $this->addCors($response);
        $this->addNoCache($response);
    }

    return $response;
}