/** * Invokable class * * @param Psr\Http\Message\ServerRequestInterface $request * @param Psr\Http\Message\ResponseInterface $response * @param callable $next * @return Psr\Http\Message\ResponseInterface */ public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) { // Build CorsRequest from PSR-7 request $corsRequest = $this->buildCorsRequest($request); // If NOT preflight request; perform $next action and collect response if (!$corsRequest->isPreflight()) { $response = $next($request, $response); } // Process CorsRequest $corsResponse = $this->cors->process($corsRequest); // Apply CORS response parameters to PSR-7 response $response = $this->applyResponseParams($corsResponse, $response); return $response; }
/** * Handle CORS request * * @param Illuminate\Http\Request $request * @param Closure $next * @return Illuminate\Http\Response */ public function handle(Request $request, Closure $next) { // Build CorsRequest from Illuminate Request $corsRequest = $this->buildCorsRequest($request); // If preflight request; skip $next action and build new response if ($corsRequest->isPreflight()) { $response = new Response(); } else { $response = $next($request); } // Process CorsRequest $corsResponse = $this->cors->process($corsRequest); // Apply CORS response parameters to Illuminate Response $response = $this->applyResponseParams($corsResponse, $response); return $response; }
/** * CORS: * - allowOrigins: http://example.com * - allowHeaders: Authorization, Content-Type * Preflight request: * - Access-Control-Request-Method: GET * - Access-Control-Request-Headers: Accept, Accept-Language, Authorization, Content-Language, Content-Type * - Origin: http://example.com * Result: * - Contains access-control-allow-origin key, with allowed origin as value * - Contains access-control-allow-headers key, with allowed headers as value */ public function test_section_6_2_10_not_simple() { $cors = new CorsService(['allowOrigins' => ['http://example.com'], 'allowHeaders' => ['Authorization', 'Content-Type']]); $result = $cors->process((new CorsRequest())->setMethod('OPTIONS')->setAccessControlRequestMethod('GET')->setAccessControlRequestHeaders(['Accept', 'Authorization', 'Content-Type'])->setOrigin('http://example.com')); $this->assertEquals(['access-control-allow-origin' => 'http://example.com', 'access-control-allow-headers' => ['Authorization', 'Content-Type']], $result); }