Exemplo n.º 1
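 /**
  * Analyze request as CORS pre-flight request (#6.2.3 - #6.2.10).
  *
  * The "#6.x" markers in the body are the author's step references
  * (presumably sections of the W3C CORS recommendation - confirm).
  *
  * Possible results, as built below:
  *  - TYPE_REQUEST_OUT_OF_CORS_SCOPE: the header named by CorsRequestHeaders::METHOD is missing or empty;
  *  - ERR_METHOD_NOT_SUPPORTED: the strategy rejects the requested method;
  *  - ERR_HEADERS_NOT_SUPPORTED: the strategy rejects at least one requested header;
  *  - TYPE_PRE_FLIGHT_REQUEST: accepted, carrying the pre-flight response headers.
  *
  * NOTE(review): this method copies $requestOrigin->getOrigin() into the allow-origin
  * response header without checking it against an allow-list. That is only safe if the
  * caller has already verified the origin with the strategy - confirm at the call site,
  * especially for deployments where isRequestCredentialsSupported() returns true.
  *
  * @param RequestInterface   $request       Incoming request; its headers are client-controlled.
  * @param ParsedUrlInterface $requestOrigin Parsed origin of the request.
  *
  * @return AnalysisResultInterface
  *
  * @SuppressWarnings(PHPMD.NPathComplexity)
  * @SuppressWarnings(PHPMD.CyclomaticComplexity)
  */
 protected function analyzeAsPreFlight(RequestInterface $request, ParsedUrlInterface $requestOrigin)
 {
     // #6.2.3 - without a requested method this is not a pre-flight request at all
     $requestedMethodValues = $request->getHeader(CorsRequestHeaders::METHOD);
     if (empty($requestedMethodValues) === true) {
         $this->logDebug('Request is not CORS (header ' . CorsRequestHeaders::METHOD . ' is not specified).');
         return $this->createResult(AnalysisResultInterface::TYPE_REQUEST_OUT_OF_CORS_SCOPE);
     }

     // Only the first header value is considered.
     /** @var string $requestMethod */
     $requestMethod = $requestedMethodValues[0];

     // OK now we are sure it's a pre-flight request
     $this->logDebug('Request is identified as a pre-flight CORS request.');

     // #6.2.4
     $requestHeaders = $this->getRequestedHeadersInLowerCase($request);

     // #6.2.5
     if ($this->strategy->isRequestMethodSupported($requestMethod) === false) {
         $this->logInfo('Request method is not supported. Check config settings for Allowed Methods.', ['method' => $requestMethod]);
         return $this->createResult(AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED);
     }

     // #6.2.6
     if ($this->strategy->isRequestAllHeadersSupported($requestHeaders) === false) {
         // Logged like the method rejection above so that denied pre-flights can be diagnosed
         // and monitored. The header names come from the client: log sinks must treat them as
         // untrusted data.
         $this->logInfo('Request headers are not supported. Check config settings for Allowed Headers.', ['headers' => $requestHeaders]);
         return $this->createResult(AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED);
     }

     // pre-flight response headers
     $headers = [];

     // #6.2.7 - the request origin is echoed back (see the NOTE(review) in the docblock)
     $headers[CorsResponseHeaders::ALLOW_ORIGIN] = $requestOrigin->getOrigin();
     if ($this->strategy->isRequestCredentialsSupported($request) === true) {
         $headers[CorsResponseHeaders::ALLOW_CREDENTIALS] = CorsResponseHeaders::VALUE_ALLOW_CREDENTIALS_TRUE;
     }

     // #6.4 - the response depends on the request origin, so caches must key on it
     $headers[CorsResponseHeaders::VARY] = CorsRequestHeaders::ORIGIN;

     // #6.2.8
     if ($this->strategy->isPreFlightCanBeCached($request) === true) {
         $headers[CorsResponseHeaders::MAX_AGE] = $this->strategy->getPreFlightCacheMaxAge($request);
     }

     // #6.2.9 - allowed methods are listed unless the method is 'simple' and listing is not forced
     $isSimpleMethod = isset($this->simpleMethods[$requestMethod]);
     if ($isSimpleMethod === false || $this->strategy->isForceAddAllowedMethodsToPreFlightResponse() === true) {
         $headers[CorsResponseHeaders::ALLOW_METHODS] = $this->strategy->getRequestAllowedMethods($request, $requestMethod);
     }

     // #6.2.10
     // Has only 'simple' headers excluding Content-Type
     $isSimpleExclCT = empty(array_diff($requestHeaders, $this->simpleHeadersExclContentType));
     if ($isSimpleExclCT === false || $this->strategy->isForceAddAllowedHeadersToPreFlightResponse() === true) {
         $headers[CorsResponseHeaders::ALLOW_HEADERS] = $this->strategy->getRequestAllowedHeaders($request, $requestHeaders);
     }

     return $this->createResult(AnalysisResultInterface::TYPE_PRE_FLIGHT_REQUEST, $headers);
 }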