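/**
 * Handles the CORS side of an incoming master request.
 *
 * Sub-requests, requests without an Origin header, same-origin requests and
 * requests for which the configuration resolver returns no options are left
 * untouched. An OPTIONS request is answered directly with the preflight
 * response. For any other method the kernel.response listener is registered
 * only when checkOrigin() accepts the request.
 *
 * @param GetResponseEvent $event
 */
public function onKernelRequest(GetResponseEvent $event)
{
    if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
        return;
    }

    $request = $event->getRequest();

    // skip if not a CORS request
    // Strict comparison: both operands are strings, so type juggling is never wanted here.
    // This test only decides whether CORS handling is skipped; it never grants access.
    if (!$request->headers->has('Origin')
        || $request->headers->get('Origin') === $request->getSchemeAndHttpHost()
    ) {
        return;
    }

    $options = $this->configurationResolver->getOptions($request);
    if (!$options) {
        return;
    }

    // perform preflight checks
    // NOTE(review): checkOrigin() below is not reached for OPTIONS requests, so
    // getPreflightResponse() is presumably expected to validate the Origin itself - confirm.
    if ('OPTIONS' === $request->getMethod()) {
        $event->setResponse($this->getPreflightResponse($request, $options));

        return;
    }

    // A rejected origin gets no response listener and therefore no CORS headers from this class.
    if (!$this->checkOrigin($request, $options)) {
        return;
    }

    // NOTE(review): addListener() runs on every accepted request; in a long-running
    // worker, confirm the callback is not registered repeatedly.
    $this->dispatcher->addListener('kernel.response', array($this, 'onKernelResponse'));
    $this->options = $options;
}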
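/**
 * Adds the CORS response headers to the master response.
 *
 * Options are resolved again from the request, and the origin is re-checked
 * with checkOrigin() before any Access-Control-* header is written. The
 * Access-Control-Allow-Origin value is the request's own Origin header, so
 * the response is always marked as varying on Origin.
 *
 * @param FilterResponseEvent $event
 */
public function onKernelResponse(FilterResponseEvent $event)
{
    if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
        return;
    }

    $request = $event->getRequest();
    $response = $event->getResponse();
    $options = $this->configurationResolver->getOptions($request);
    if (!$options) {
        return;
    }

    $anyOriginAllowed = true === $options['allow_origin'];

    // With a restricted origin list the outcome depends on Origin even when the
    // check below fails, so Vary is set before the origin is checked.
    if (!$anyOriginAllowed) {
        $response->setVary('Origin', false);
    }

    if (!$this->checkOrigin($request, $options)) {
        return;
    }

    // The header written below echoes the request's Origin rather than "*", so the
    // response differs per origin in this configuration too. Without Vary: Origin a
    // shared cache could replay a response carrying another origin's grant.
    if ($anyOriginAllowed) {
        $response->setVary('Origin', false);
    }

    // add CORS response headers
    $response->headers->set('Access-Control-Allow-Origin', $request->headers->get('Origin'));

    // NOTE(review): if checkOrigin() accepts every origin when allow_origin is true,
    // enabling allow_credentials as well grants credentialed access to any site;
    // such paths should use an explicit origin list - confirm against checkOrigin().
    if ($options['allow_credentials']) {
        $response->headers->set('Access-Control-Allow-Credentials', 'true');
    }

    if ($options['expose_headers']) {
        $response->headers->set(
            'Access-Control-Expose-Headers',
            strtolower(implode(', ', $options['expose_headers']))
        );
    }
}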