public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) { $cors = $this->analyzer->analyze($request); switch ($cors->getRequestType()) { case AnalysisResultInterface::ERR_NO_HOST_HEADER: case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED: case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED: case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED: return $response->withStatus(403); case AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE: return $next($request, $response); case AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST: foreach ($cors->getResponseHeaders() as $name => $value) { $response = $response->withHeader($name, $value); } return $response->withStatus(200); default: foreach ($cors->getResponseHeaders() as $name => $value) { $response = $response->withHeader($name, $value); } return $next($request, $response); } }
/** * This method saves analysis result in Illuminate Container for * using it in other parts of the application (e.g. in exception handler). * * @param Request $request * * @return AnalysisResultInterface */ protected function getCorsAnalysis(Request $request) { $analysis = $this->analyzer->analyze($this->getRequestAdapter($request)); $this->container->instance(AnalysisResultInterface::class, $analysis); return $analysis; }