/** * For each CORS headers create the specific response * * @param Request $request * @param array $requestHeaders CORS headers we have detected * @return array CORS headers ready to be sent */ public function prepareHeaders($request, $requestHeaders) { $responseHeaders = []; // handle Origin if (isset($requestHeaders['Origin'], $this->cors['Origin'])) { if (in_array('*', $this->cors['Origin']) || in_array($requestHeaders['Origin'], $this->cors['Origin'])) { $responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin']; } } $this->prepareAllowHeaders('Headers', $requestHeaders, $responseHeaders); if (isset($requestHeaders['Access-Control-Request-Method'])) { $responseHeaders['Access-Control-Allow-Methods'] = implode(', ', $this->cors['Access-Control-Request-Method']); } if (isset($this->cors['Access-Control-Allow-Credentials'])) { $responseHeaders['Access-Control-Allow-Credentials'] = $this->cors['Access-Control-Allow-Credentials'] ? 'true' : 'false'; } if (isset($this->cors['Access-Control-Max-Age']) && $request->isOptions()) { $responseHeaders['Access-Control-Max-Age'] = $this->cors['Access-Control-Max-Age']; } if (isset($this->cors['Access-Control-Expose-Headers'])) { $responseHeaders['Access-Control-Expose-Headers'] = implode(', ', $this->cors['Access-Control-Expose-Headers']); } return $responseHeaders; }