示例#1
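 /**
  * Shortcut for testing expected headers of a response.
  *
  * Only header VALUES are compared: every entry of $expected must appear as
  * a value somewhere in $response->getHeaders(). The header names (the keys
  * of either array) are not looked at, so a value found under a different
  * header name still satisfies the assertion.
  *
  * The comparison is strict. A loose in_array() lets an unrelated value match
  * through type juggling (e.g. a non-numeric string against an integer 0 on
  * PHP < 8), which would let a test that guards a security header pass even
  * though the header value is absent. Expected values must therefore have
  * the same type as the values stored on the response.
  *
  * @param array $expected an array with the expected header values
  * @param Response $response the response which we want to test for headers
  */
 protected function assertHeaders(array $expected = array(), Response $response)
 {
     // NOTE(review): the default on $expected can never be used because a
     // required parameter follows it (PHP 8 reports this as deprecated); the
     // signature is kept as-is for existing callers.
     $headers = $response->getHeaders();
     foreach ($expected as $header) {
         $this->assertTrue(
             in_array($header, $headers, true),
             'Expected header value not found in response: ' . var_export($header, true)
         );
     }
 }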
示例#2
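 /**
  * Checks that the response setters can be chained in a single expression
  * and that every call in the chain took effect (custom header, status,
  * ETag, Last-Modified and Cache-Control).
  */
 public function testChainability()
 {
     // 'now' instead of null: passing null as the time string is deprecated
     // on PHP 8.1+. The initial value is irrelevant, setTimestamp() replaces it.
     $lastModified = new \DateTime('now', new \DateTimeZone('GMT'));
     $lastModified->setTimestamp(1);

     $this->childResponse
         ->setEtag('hi')
         ->setStatus(Http::STATUS_NOT_FOUND)
         ->setLastModified($lastModified)
         ->cacheFor(33)
         ->addHeader('hello', 'world');

     $headers = $this->childResponse->getHeaders();

     $this->assertEquals('world', $headers['hello']);
     $this->assertEquals(Http::STATUS_NOT_FOUND, $this->childResponse->getStatus());
     $this->assertEquals('hi', $this->childResponse->getEtag());
     // Timestamp 1 in GMT, as rendered into the Last-Modified header.
     $this->assertEquals('Thu, 01 Jan 1970 00:00:01 +0000', $headers['Last-Modified']);
     $this->assertEquals('max-age=33, must-revalidate', $headers['Cache-Control']);
 }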
示例#3
 /**
  * Runs after a successful controller method call and may alter the
  * Response object. Middleware is run in reverse order.
  *
  * For a request that carries an Origin header and targets a method
  * annotated with CORS, the request's Origin is echoed back in
  * Access-Control-Allow-Origin. Before that, the response is rejected if it
  * sets Access-Control-Allow-Credentials to "true".
  *
  * @param Controller $controller the controller that is being called
  * @param string $methodName the name of the method that will be called on
  *                           the controller
  * @param Response $response the generated response from the controller
  * @return Response a Response object
  * @throws SecurityException if the response allows credentials
  */
 public function afterController($controller, $methodName, Response $response)
 {
     // Nothing to do unless the request sent an Origin header and the
     // called method carries the CORS annotation.
     if (!isset($this->request->server['HTTP_ORIGIN']) || !$this->reflector->hasAnnotation('CORS')) {
         return $response;
     }

     // The Origin is reflected unchanged below, i.e. every origin is allowed.
     // That is only tolerable while credentials are never allowed: with
     // Access-Control-Allow-Credentials: true, any site could send requests
     // with the user's cookies and read the answer (CSRF). Header name and
     // value are compared case-insensitively; the value is trimmed first.
     foreach ($response->getHeaders() as $name => $rawValue) {
         $isCredentialsHeader = strtolower($name) === 'access-control-allow-credentials';
         if ($isCredentialsHeader && strtolower(trim($rawValue)) === 'true') {
             $message = 'Access-Control-Allow-Credentials must not be '
                 . 'set to true in order to prevent CSRF';
             throw new SecurityException($message);
         }
     }

     // NOTE(review): the header value now depends on the request's Origin;
     // if these responses can be cached by shared caches, a "Vary: Origin"
     // header is presumably needed as well - confirm against the cache setup.
     $requestOrigin = $this->request->server['HTTP_ORIGIN'];
     $response->addHeader('Access-Control-Allow-Origin', $requestOrigin);

     return $response;
 }