Merge pull request 'implement cors' (#30 ) from implement-cors into master

Reviewed-on: #30
implement cors
2024-08-02 02:07:28 +02:00 · 2024-08-02 01:42:30 +02:00
1 changed files with 55 additions and 0 deletions
--- a/src/Response/HttpResponse.php
+++ b/src/Response/HttpResponse.php
@ -55,6 +55,11 @@ class HttpResponse

    public function render(): void
    {
+        $this->handleCors();
+        if ($this->method === 'options') {
+            return;
+        }
+
        $match = $this->routeCollection->match($this->method, $this->parsedUrl['path']);
        if ($match === null) {
            $this->render404();
@ -110,6 +115,56 @@ class HttpResponse
        }
    }

+    private function handleCors(): void
+    {
+        $origin = $this->request->header('Origin');
+        if (!$origin) {
+            return;
+        }
+
+        if (isset($this->appConfig['cors']['allow_origins'])) {
+            if (in_array($origin, $this->appConfig['cors']['allow_origins']) || in_array('*', $this->appConfig['cors']['allow_origins'])) {
+                header("Access-Control-Allow-Origin: {$origin}");
+            }
+        }
+
+        if (!empty($this->appConfig['cors']['allow_credentials'])) {
+            header('Access-Control-Allow-Credentials: true');
+        }
+
+        if ($this->method !== 'options') {
+            return;
+        }
+
+        if (isset($this->appConfig['cors']['allow_headers'])) {
+            $headers = explode(',', $this->request->header('Access-Control-Request-Headers'));
+            if (in_array('*', $this->appConfig['cors']['allow_headers'])) {
+                $allow_headers = $headers;
+            } else {
+                $allow_headers = array_intersect($this->appConfig['cors']['allow_headers'], $headers);
+            }
+
+            if (count($allow_headers) > 0) {
+                header('Access-Control-Allow-Headers: ' . join(', ', $allow_headers));
+            }
+        }
+
+        if (isset($this->appConfig['cors']['allow_methods'])) {
+            if (in_array('*', $this->appConfig['cors']['allow_methods'])) {
+                $allow_methods = ['DELETE', 'GET', 'HEAD', 'OPTIONS', 'PATCH', 'POST', 'PUT'];
+            } else {
+                $allow_methods = $this->appConfig['cors']['allow_methods'];
+            }
+
+            if (count($allow_methods) > 0) {
+                header('Access-Control-Allow-Methods: ' . join(', ', $allow_methods));
+            }
+        }
+
+        $max_age = $this->appConfig['cors']['max_age'] ?? 600;
+        header("Access-Control-Max-Age: {$max_age}");
+    }
+
    private function redirectToLogin(): void
    {
        $this->request->session()->set('redirect_after_login', $this->rawUrl);
Author	SHA1	Message	Date
Bence Pőcze	6cb90d5ea2	Merge pull request 'implement cors' (#30 ) from implement-cors into master All checks were successful soko-web/pipeline/head This commit looks good Details Reviewed-on: #30	2024-08-02 02:07:28 +02:00
Pőcze Bence	e67afc401b	implement cors All checks were successful soko-web/pipeline/pr-master This commit looks good Details	2024-08-02 01:42:30 +02:00