public function testReturnNullForUnknownOrigin() { $request = new HttpRequest(); $request->getHeaders()->addHeaderLine('Origin', 'http://unauthorized-origin.com'); $response = $this->corsService->createPreflightCorsResponse($request); $headers = $response->getHeaders(); $this->assertEquals('null', $headers->get('Access-Control-Allow-Origin')->getFieldValue()); }
/** * Handle a CORS preflight request * * @param MvcEvent $event * @return null|HttpResponse */ public function onCorsPreflight(MvcEvent $event) { // Reset state flag $this->isPreflight = false; /** @var $request HttpRequest */ $request = $event->getRequest(); if (!$request instanceof HttpRequest || !$this->corsService->isCorsRequest($request)) { return; } // If this isn't a preflight, done if (!$this->corsService->isPreflightRequest($request)) { return; } // Preflight -- return a response now! $this->isPreflight = true; return $this->corsService->createPreflightCorsResponse($request); }