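/**
 * Dispatch the request through the parent implementation, then decorate the
 * response with cache-control and CORS headers.
 *
 * A PathException raised by the parent is not propagated; it is converted
 * into the JSON response of a BadRequestException carrying the same message.
 *
 * @param Request|null $request the request to handle; null is rejected
 *
 * @return mixed the response from parent::run() or from
 *               BadRequestException::getJsonResponse(), with headers added
 *
 * @throws InvalidArgumentException when no Request object is given
 */
public function run(Request $request = null)
 {
     if (null === $request) {
         throw new InvalidArgumentException('must provide Request object');
     }

     try {
         $response = parent::run($request);
     } catch (PathException $e) {
         // Malformed paths are reported to the client as a bad request.
         $badRequest = new BadRequestException($e->getMessage());
         $response = $badRequest->getJsonResponse();
     }

     $method = $request->getMethod();
     $origin = $request->getHeader('Origin');

     // XXX Expires should only be for successful GET??
     if ('GET' === $method) {
         $response->setHeader('Expires', 0);
         $response->setHeader('Cache-Control', 'no-cache');
     }

     // CORS: the caller's Origin is echoed back without an allowlist, so
     // every origin may read these responses. That is no broader than "*"
     // only as long as Access-Control-Allow-Credentials is never sent and
     // access is granted solely through the Authorization header; if
     // cookie or other ambient credentials are ever honoured, this must
     // become an explicit allowlist.
     // NOTE(review): the value now depends on the request, so caches need
     // "Vary: Origin". It is not added here because it is not visible
     // whether setHeader() would replace an existing Vary value -- confirm.
     if (null !== $origin) {
         $response->setHeader('Access-Control-Allow-Origin', $origin);
     } elseif (in_array($method, array('GET', 'HEAD', 'OPTIONS'), true)) {
         // The wildcard has to be the bare token; a quoted "*" is not a
         // valid Access-Control-Allow-Origin value and matches no origin.
         $response->setHeader('Access-Control-Allow-Origin', '*');
     }
     $response->setHeader('Access-Control-Expose-Headers', 'ETag, Content-Length');

     // this is only needed for OPTIONS requests
     if ('OPTIONS' === $method) {
         $response->setHeader('Access-Control-Allow-Methods', 'GET, PUT, DELETE, HEAD, OPTIONS');
         // FIXME: are Origin and X-Requested-With really needed?
         $response->setHeader('Access-Control-Allow-Headers', 'Authorization, Content-Length, Content-Type, Origin, X-Requested-With, If-Match, If-None-Match');
     }

     return $response;
 }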
示例#2
 /**
  * Hand both collaborators to the parent constructor, then register this
  * class's own routes via registerMyRoutes().
  *
  * @param OAuthServer                   $oauthServer          forwarded unchanged to the parent
  * @param AuthenticationPluginInterface $authenticationPlugin forwarded unchanged to the parent
  */
 public function __construct(
     OAuthServer $oauthServer,
     AuthenticationPluginInterface $authenticationPlugin
 ) {
     // The parent is initialised first; route registration runs afterwards.
     parent::__construct($oauthServer, $authenticationPlugin);

     $this->registerMyRoutes();
 }
 /**
  * Dispatch the request through the parent implementation and, for 4xx
  * responses only, add CORS and no-cache headers.
  *
  * A PathException raised by the parent is converted into the JSON response
  * of a BadRequestException carrying the same message.
  *
  * @param Request|null $request the request to handle; null is rejected
  *
  * @return mixed the response from parent::run() or from
  *               BadRequestException::getJsonResponse()
  *
  * @throws InvalidArgumentException when no Request object is given
  */
 public function run(Request $request = null)
 {
     if (null === $request) {
         throw new InvalidArgumentException('must provide Request object');
     }

     try {
         $response = parent::run($request);
     } catch (PathException $pathError) {
         $badRequest = new BadRequestException($pathError->getMessage());
         $response = $badRequest->getJsonResponse();
     }

     // Only client errors (400-499) are decorated here.
     // NOTE(review): presumably other responses get their CORS headers
     // elsewhere; 5xx responses pass through this method without them --
     // confirm that is intended.
     $code = $response->getStatusCode();
     $isClientError = $code >= 400 && $code < 500;
     if ($isClientError) {
         $this->addCors($response);
         $this->addNoCache($response);
     }

     return $response;
 }