HandleCors.php
3.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
<?php
namespace Fruitcake\Cors;
use Closure;
use Asm89\Stack\CorsService;
use Illuminate\Contracts\Http\Kernel;
use Illuminate\Foundation\Http\Events\RequestHandled;
use Illuminate\Http\Request;
use Illuminate\Contracts\Container\Container;
use Symfony\Component\HttpFoundation\Response;
class HandleCors
{
/** @var CorsService $cors */
protected $cors;
/** @var \Illuminate\Contracts\Container\Container $container */
protected $container;
public function __construct(CorsService $cors, Container $container)
{
$this->cors = $cors;
$this->container = $container;
}
/**
* Handle an incoming request. Based on Asm89\Stack\Cors by asm89
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return Response
*/
public function handle($request, Closure $next)
{
// Check if we're dealing with CORS and if we should handle it
if (! $this->shouldRun($request)) {
return $next($request);
}
// For Preflight, return the Preflight response
if ($this->cors->isPreflightRequest($request)) {
$response = $this->cors->handlePreflightRequest($request);
$this->cors->varyHeader($response, 'Access-Control-Request-Method');
return $response;
}
// Handle the request
$response = $next($request);
if ($request->getMethod() === 'OPTIONS') {
$this->cors->varyHeader($response, 'Access-Control-Request-Method');
}
return $this->addHeaders($request, $response);
}
/**
* Add the headers to the Response, if they don't exist yet.
*
* @param Request $request
* @param Response $response
* @return Response
*/
protected function addHeaders(Request $request, Response $response): Response
{
if (! $response->headers->has('Access-Control-Allow-Origin')) {
// Add the CORS headers to the Response
$response = $this->cors->addActualRequestHeaders($response, $request);
}
return $response;
}
/**
* Add the headers to the Response, if they don't exist yet.
*
* @param RequestHandled $event
* @deprecated
*/
public function onRequestHandled(RequestHandled $event)
{
if ($this->shouldRun($event->request) && $this->container->make(Kernel::class)->hasMiddleware(static::class)) {
$this->addHeaders($event->request, $event->response);
}
}
/**
* Determine if the request has a URI that should pass through the CORS flow.
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function shouldRun(Request $request): bool
{
return $this->isMatchingPath($request);
}
/**
* The the path from the config, to see if the CORS Service should run
*
* @param \Illuminate\Http\Request $request
* @return bool
*/
protected function isMatchingPath(Request $request): bool
{
// Get the paths from the config or the middleware
$paths = $this->getPathsByHost($request->getHost());
foreach ($paths as $path) {
if ($path !== '/') {
$path = trim($path, '/');
}
if ($request->fullUrlIs($path) || $request->is($path)) {
return true;
}
}
return false;
}
/**
* Paths by given host or string values in config by default
*
* @param string $host
* @return array
*/
protected function getPathsByHost(string $host)
{
$paths = $this->container['config']->get('cors.paths', []);
// If where are paths by given host
if (isset($paths[$host])) {
return $paths[$host];
}
// Defaults
return array_filter($paths, function ($path) {
return is_string($path);
});
}
}