コード例 #1
ファイル: Settings.php プロジェクト: roaringbits/cors-psr7
 /**
  * @inheritdoc
  */
 public function isRequestOriginAllowed(ParsedUrlInterface $requestOrigin)
 {
     // A wildcard ('*') key in the allow-list admits every origin, so the
     // per-origin lookup is skipped and getOrigin() is never consulted.
     // NOTE(review): with the wildcard configured this check passes for any
     // site; confirm the configuration never pairs it with credentialed
     // responses, which would extend trust to every origin.
     if (isset($this->allowedOrigins[CorsResponseHeaders::VALUE_ALLOW_ORIGIN_ALL])) {
         return true;
     }

     // Exact key lookup on the lower-cased origin: no prefix, suffix or
     // pattern matching, so look-alike hosts do not pass.
     // NOTE(review): presumably the keys of allowedOrigins are stored
     // lower-cased; verify where they are set, otherwise a mixed-case entry
     // could never match.
     $originKey = strtolower($requestOrigin->getOrigin());

     return isset($this->allowedOrigins[$originKey]);
 }
コード例 #2
ファイル: Analyzer.php プロジェクト: roaringbits/cors-psr7
 /**
  * Analyze request as CORS pre-flight request (#6.2.3 - #6.2.10).
  *
  * @param RequestInterface   $request
  * @param ParsedUrlInterface $requestOrigin
  *
  * @return AnalysisResultInterface
  *
  * @SuppressWarnings(PHPMD.NPathComplexity)
  * @SuppressWarnings(PHPMD.CyclomaticComplexity)
  */
 protected function analyzeAsPreFlight(RequestInterface $request, ParsedUrlInterface $requestOrigin)
 {
     // #6.2.3 - without an Access-Control-Request-Method header this is not a
     // pre-flight request at all.
     $methodHeaderValues = $request->getHeader(CorsRequestHeaders::METHOD);
     if (empty($methodHeaderValues)) {
         return $this->createResult(AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE);
     }

     // From here on it is a pre-flight request. Only the first header value is
     // considered; any further values are ignored.
     /** @var string $requestedMethod */
     $requestedMethod = $methodHeaderValues[0];

     // #6.2.4
     $requestedHeaders = $this->getRequestedHeadersInLowerCase($request);

     // #6.2.5 - reject methods the strategy does not support.
     if ($this->strategy->isRequestMethodSupported($requestedMethod) === false) {
         return $this->createResult(AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED);
     }

     // #6.2.6 - reject when any requested header is unsupported.
     if ($this->strategy->isRequestAllHeadersSupported($requestedHeaders) === false) {
         return $this->createResult(AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED);
     }

     // #6.2.7 - the pre-flight response echoes the request origin verbatim.
     // NOTE(review): the origin is not checked against the allow-list in this
     // method; presumably the caller has already rejected disallowed origins -
     // confirm, because a reflected origin combined with Allow-Credentials
     // would otherwise trust any requesting site.
     $responseHeaders = [
         CorsResponseHeaders::ALLOW_ORIGIN => $requestOrigin->getOrigin(),
     ];
     $credentialsSupported = $this->strategy->isRequestCredentialsSupported($request);
     if ($credentialsSupported === true) {
         $responseHeaders[CorsResponseHeaders::ALLOW_CREDENTIALS] = CorsResponseHeaders::VALUE_ALLOW_CREDENTIALS_TRUE;
     }

     // #6.4 - the response depends on Origin, so caches must key on it.
     $responseHeaders[CorsResponseHeaders::VARY] = CorsRequestHeaders::ORIGIN;

     // #6.2.8 - max-age is added only when the strategy allows caching.
     $cacheable = $this->strategy->isPreFlightCanBeCached($request);
     if ($cacheable === true) {
         $responseHeaders[CorsResponseHeaders::MAX_AGE] = $this->strategy->getPreFlightCacheMaxAge($request);
     }

     // #6.2.9 - allowed methods are listed for non-simple methods, or when the
     // strategy forces it (the force flag is only asked for simple methods).
     $mustListMethods = !isset($this->simpleMethods[$requestedMethod])
         || $this->strategy->isForceAddAllowedMethodsToPreFlightResponse() === true;
     if ($mustListMethods) {
         $responseHeaders[CorsResponseHeaders::ALLOW_METHODS] = $this->strategy->getRequestAllowedMethods($request, $requestedMethod);
     }

     // #6.2.10 - allowed headers are listed when anything beyond the 'simple'
     // headers (excluding Content-Type) was requested, or when forced.
     $nonSimpleHeaders = array_diff($requestedHeaders, $this->simpleHeadersExclContentType);
     $mustListHeaders = !empty($nonSimpleHeaders)
         || $this->strategy->isForceAddAllowedHeadersToPreFlightResponse() === true;
     if ($mustListHeaders) {
         $responseHeaders[CorsResponseHeaders::ALLOW_HEADERS] = $this->strategy->getRequestAllowedHeaders($request, $requestedHeaders);
     }

     return $this->createResult(AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST, $responseHeaders);
 }