/**
 * Run the CORS analysis for the request and reject, answer, or delegate accordingly.
 *
 * The four CORS error results are answered with 403 and never reach $next.
 * A request outside the CORS scope is handed to $next untouched. A pre-flight
 * request is answered here with the analyzer's headers and status 200. Any
 * other result type runs $next first and then copies the analyzer's headers
 * onto the response it produced.
 *
 * @param ServerRequestInterface $request
 * @param ResponseInterface      $response
 * @param callable               $next
 *
 * @return ResponseInterface
 *
 * @throws RuntimeException When no settings strategy has been set on the middleware.
 */
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
    // Fail loudly rather than analyze with no policy at all.
    if (empty($this->settings)) {
        throw new RuntimeException('No SettingsStrategyInterface instance has been provided');
    }

    $analysis = Analyzer::instance($this->settings)->analyze($request);

    switch ($analysis->getRequestType()) {
        case AnalysisResultInterface::ERR_NO_HOST_HEADER:
        case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
        case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
        case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
            // Policy violation: stop here, the downstream handler is not invoked.
            return $response->withStatus(403);

        case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
            return $next($request, $response);

        case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
            $preFlight = $response;
            foreach ($analysis->getResponseHeaders() as $headerName => $headerValue) {
                $preFlight = $preFlight->withHeader($headerName, $headerValue);
            }

            return $preFlight->withStatus(200);

        default:
            // NOTE(review): every result type not listed above lands here and is
            // treated as an accepted request; presumably that is only the
            // "actual CORS request" type, confirm against AnalysisResultInterface.
            $handled = $next($request, $response);
            foreach ($analysis->getResponseHeaders() as $headerName => $headerValue) {
                $handled = $handled->withHeader($headerName, $headerValue);
            }

            return $handled;
    }
}
/**
 * Run the CORS analysis for the request and reject, answer, or delegate accordingly.
 *
 * The settings strategy is the one held by the middleware, or, when that is
 * falsy, whatever getFromContainer() returns for SettingsStrategyInterface.
 * CORS error results are answered with 403 without calling $next; a request
 * outside the CORS scope is passed straight to $next; a pre-flight is answered
 * here with status 200; any other result type runs $next and then receives the
 * analyzer's headers.
 *
 * @param ServerRequestInterface $request
 * @param ResponseInterface      $response
 * @param callable               $next
 *
 * @return ResponseInterface
 */
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
    $strategy = $this->settings;
    if (!$strategy) {
        // NOTE(review): what getFromContainer() does when nothing is registered
        // is not visible here; confirm it cannot yield an empty or permissive policy.
        $strategy = $this->getFromContainer(SettingsStrategyInterface::class);
    }

    $analysis = Analyzer::instance($strategy)->analyze($request);

    switch ($analysis->getRequestType()) {
        case AnalysisResultInterface::ERR_NO_HOST_HEADER:
        case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
        case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
        case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
            // Policy violation: answer 403 and skip the downstream handler.
            return $response->withStatus(403);

        case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
            return $next($request, $response);

        case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
            $preFlight = $response;
            foreach ($analysis->getResponseHeaders() as $headerName => $headerValue) {
                $preFlight = $preFlight->withHeader($headerName, $headerValue);
            }

            return $preFlight->withStatus(200);

        default:
            // Any remaining result type: let the application respond, then
            // decorate that response with the analyzer's headers.
            $handled = $next($request, $response);
            foreach ($analysis->getResponseHeaders() as $headerName => $headerValue) {
                $handled = $handled->withHeader($headerName, $headerValue);
            }

            return $handled;
    }
}
/**
 * Store the CORS settings, build the analyzer from them and attach a logger if one is given.
 *
 * @param SettingsStrategyInterface|null $settings Policy to analyze requests against;
 *                                                 a fresh Settings object is used when null.
 * @param LoggerInterface|null           $logger   Passed to the analyzer when not null.
 */
public function __construct(SettingsStrategyInterface $settings = null, LoggerInterface $logger = null)
{
    if ($settings === null) {
        // NOTE(review): the policy carried by a bare Settings() is not visible
        // here; confirm its defaults are restrictive before relying on them.
        $settings = new Settings();
    }

    $this->settings = $settings;
    $this->analyzer = Analyzer::instance($this->settings);

    if ($logger === null) {
        return;
    }

    $this->analyzer->setLogger($logger);
}
/**
 * Register a factory for AnalyzerInterface in the container.
 *
 * The factory builds the CORS Settings from the configuration stored under
 * Settings::class, creates the analyzer from them, and attaches the container's
 * logger only when the application config flag KEY_IS_LOG_ENABLED is strictly true.
 *
 * @param Container $container
 *
 * @return void
 *
 * @SuppressWarnings(PHPMD.StaticAccess)
 */
protected static function setUpCors(Container $container)
{
    $container[AnalyzerInterface::class] = function (ContainerInterface $container) {
        /** @var ConfigInterface $config */
        $config      = $container->get(ConfigInterface::class);
        $application = $config->getConfig(Application::class);

        // The CORS policy comes from configuration only; nothing request-derived is read here.
        $corsSettings = new Settings($config->getConfig(Settings::class));
        $corsAnalyzer = Analyzer::instance($corsSettings);

        if ($application[Application::KEY_IS_LOG_ENABLED] !== true) {
            return $corsAnalyzer;
        }

        $corsAnalyzer->setLogger($container->get(LoggerInterface::class));

        return $corsAnalyzer;
    };
}
/**
 * Analyze the request against the CORS settings and reject, answer, or delegate.
 *
 * Origin, method and header violations are answered through $this->error()
 * with status 401 and do not reach $next. A pre-flight request is answered
 * here with the analyzer's headers and status 200. A request outside the CORS
 * scope is passed to $next untouched. Any other result type runs $next and
 * then receives the analyzer's headers.
 *
 * @param RequestInterface  $request
 * @param ResponseInterface $response
 * @param callable          $next
 *
 * @return ResponseInterface
 */
public function __invoke(RequestInterface $request, ResponseInterface $response, callable $next)
{
    $analyzer = Analyzer::instance($this->buildSettings($request, $response));
    if ($this->logger) {
        $analyzer->setLogger($this->logger);
    }

    $cors = $analyzer->analyze($request);

    // Copies the analyzer's headers onto the given response.
    $withCorsHeaders = function ($target) use ($cors) {
        foreach ($cors->getResponseHeaders() as $header => $value) {
            /* Diactoros errors on integer values. */
            $value  = is_array($value) ? $value : (string) $value;
            $target = $target->withHeader($header, $value);
        }

        return $target;
    };

    // NOTE(review): only three error types are handled explicitly. Any other
    // error result the analyzer can report (for instance a missing Host header,
    // if this library version has such a type) would fall into the default
    // branch and be processed as an accepted request; confirm and add a case.
    switch ($cors->getRequestType()) {
        case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
            $rejected = $this->error($request, $response, ["message" => "CORS request origin is not allowed."]);

            return $rejected->withStatus(401);

        case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
            $rejected = $this->error($request, $response, ["message" => "CORS requested method is not supported."]);

            return $rejected->withStatus(401);

        case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
            $rejected = $this->error($request, $response, ["message" => "CORS requested header is not allowed."]);

            return $rejected->withStatus(401);

        case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
            return $withCorsHeaders($response)->withStatus(200);

        case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
            return $next($request, $response);

        default:
            /* Actual CORS request. */
            return $withCorsHeaders($next($request, $response));
    }
}
/**
 * Build CORS settings for this request, analyze it, and reject, answer, or delegate.
 *
 * CORS error results are answered with 403 without calling $next; a request
 * outside the CORS scope is passed to $next; a pre-flight is answered here with
 * status 200; any other result type runs $next and then receives the analyzer's
 * headers.
 *
 * NOTE(review): the policy is assembled from the very request it is meant to
 * judge. The server origin is set from the request URI and then set again from
 * the request's origin header, and the allowed methods and headers are replaced
 * by whatever the request's Access-Control-Request-* headers name. Combined with
 * credentials support being switched on, the check is unlikely to restrict
 * anything. Prefer a fixed, configured origin and fixed allow-lists.
 *
 * @param \Psr\Http\Message\ServerRequestInterface $request  PSR7 request
 * @param \Psr\Http\Message\ResponseInterface      $response PSR7 response
 * @param callable                                 $next     Next middleware
 *
 * @return \Psr\Http\Message\ResponseInterface
 */
private function setCORSheaders($request, $response, $next)
{
    $uri = $request->getUri();

    $settings = new Settings();
    $settings
        ->setServerOrigin([
            'scheme' => $uri->getScheme(),
            'host' => $uri->getHost(),
            'port' => $uri->getPort(),
        ])
        ->setRequestCredentialsSupported(true)
        // Second setServerOrigin call on the same object, this time fed from a request header.
        ->setServerOrigin($request->getHeader('HTTP_ORIGIN'))
        ->setPreFlightCacheMaxAge(86400)
        ->setRequestAllowedMethods(['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'])
        ->setRequestAllowedHeaders(['X-Requested-With']);

    // The static allow-lists above only survive when the request names nothing itself.
    $requestedMethods = $request->getHeader('HTTP_ACCESS_CONTROL_REQUEST_METHOD');
    if ($requestedMethods) {
        $settings->setRequestAllowedMethods($requestedMethods);
    }

    $requestedHeaders = $request->getHeader('HTTP_ACCESS_CONTROL_REQUEST_HEADERS');
    if ($requestedHeaders) {
        $settings->setRequestAllowedHeaders($requestedHeaders);
    }

    $analysis = Analyzer::instance($settings)->analyze($request);

    switch ($analysis->getRequestType()) {
        case AnalysisResultInterface::ERR_NO_HOST_HEADER:
        case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
        case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
        case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
            return $response->withStatus(403);

        case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE:
            return $next($request, $response);

        case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST:
            $preFlight = $response;
            foreach ($analysis->getResponseHeaders() as $headerName => $headerValue) {
                $preFlight = $preFlight->withHeader($headerName, $headerValue);
            }

            return $preFlight->withStatus(200);

        default:
            $handled = $next($request, $response);
            foreach ($analysis->getResponseHeaders() as $headerName => $headerValue) {
                $handled = $handled->withHeader($headerName, $headerValue);
            }

            return $handled;
    }
}
/**
 * Build the factory closure that creates the CORS analyzer from the application container.
 *
 * The closure reads the analysis strategy registered under
 * AnalysisStrategyInterface::class, creates the analyzer from it, and attaches
 * a logger only when getLoggerIfEnabled() returns one.
 *
 * @return Closure
 */
protected function getCreateAnalyzerClosure()
{
    return function ($app) {
        /** @var AnalysisStrategyInterface $strategy */
        $strategy     = $app[AnalysisStrategyInterface::class];
        $corsAnalyzer = Analyzer::instance($strategy);

        $optionalLogger = $this->getLoggerIfEnabled($app);
        if ($optionalLogger !== null) {
            $corsAnalyzer->setLogger($optionalLogger);
        }

        return $corsAnalyzer;
    };
}