public function testCanDetectPreflightRequest() { $request = new HttpRequest(); $this->assertFalse($this->corsService->isPreflightRequest($request)); $request->setMethod('OPTIONS'); $this->assertFalse($this->corsService->isPreflightRequest($request)); $request->getHeaders()->addHeaderLine('Origin', 'http://example.com'); $this->assertFalse($this->corsService->isPreflightRequest($request)); $request->getHeaders()->addHeaderLine('Access-Control-Request-Method', 'POST'); $this->assertTrue($this->corsService->isPreflightRequest($request)); }
/** * Handle a CORS preflight request * * @param MvcEvent $event * @return null|HttpResponse */ public function onCorsPreflight(MvcEvent $event) { // Reset state flag $this->isPreflight = false; /** @var $request HttpRequest */ $request = $event->getRequest(); if (!$request instanceof HttpRequest || !$this->corsService->isCorsRequest($request)) { return; } // If this isn't a preflight, done if (!$this->corsService->isPreflightRequest($request)) { return; } // Preflight -- return a response now! $this->isPreflight = true; return $this->corsService->createPreflightCorsResponse($request); }