/** * Process thrown exception * Generate and set HTTP response code, error message to Response object * * @param Exception $exception * @param Mage_Api2_Model_Renderer_Interface $renderer * @param Mage_Api2_Model_Response $response * @return Mage_Api2_Model_Server */ protected function _renderException(Exception $exception, Mage_Api2_Model_Renderer_Interface $renderer, Mage_Api2_Model_Response $response) { if ($exception instanceof Mage_Api2_Exception && $exception->getCode()) { $httpCode = $exception->getCode(); } else { $httpCode = self::HTTP_INTERNAL_ERROR; } try { //add last error to stack $response->setException($exception); $messages = array(); /** @var Exception $exception */ foreach ($response->getException() as $exception) { $message = array('code' => $exception->getCode(), 'message' => $exception->getMessage()); if (Mage::getIsDeveloperMode()) { $message['trace'] = $exception->getTraceAsString(); } $messages['messages']['error'][] = $message; } //set HTTP Code of last error, Content-Type and Body $response->setBody($renderer->render($messages)); $response->setHeader('Content-Type', sprintf('%s; charset=%s', $renderer->getMimeType(), Mage_Api2_Model_Response::RESPONSE_CHARSET)); } catch (Exception $e) { //tunnelling of 406(Not acceptable) error $httpCode = $e->getCode() == self::HTTP_NOT_ACCEPTABLE ? self::HTTP_NOT_ACCEPTABLE : self::HTTP_INTERNAL_ERROR; //if error appeared in "error rendering" process then show it in plain text $response->setBody($e->getMessage()); $response->setHeader('Content-Type', 'text/plain; charset=' . Mage_Api2_Model_Response::RESPONSE_CHARSET); } $response->setHttpResponseCode($httpCode); return $this; }
protected function filterBefore(Mage_Api2_Model_Request $request, Mage_Api2_Model_Response $response) { // Add generic CORS headers - this is not the 'right' way to do this, but Magento has no CORS support in Mage_Api2 $response->setHeader('Access-Control-Allow-Origin', '*', true); $response->setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE', true); $response->setHeader('Access-Control-Allow-Headers', 'Content-Type', true); $response->setHeader('Access-Control-Max-Age', '86400', true); // Support credentials $response->setHeader('Access-Control-Allow-Credentials', 'true', true); $origin = $request->getHeader('Origin'); if ($origin) { try { $origin = Zend_Uri_Http::factory($origin); $response->setHeader('Access-Control-Allow-Origin', $origin->getUri(), true); } catch (Exception $e) { // NOOP } } Mage::dispatchEvent('api2_server_filter_before', ['request' => $request, 'response' => $response]); }