- <?php
- declare(strict_types=1);
- namespace Shlinkio\Shlink\Rest\Middleware;
- use Fig\Http\Message\RequestMethodInterface;
- use Mezzio\Router\RouteResult;
- use Psr\Http\Message\ResponseInterface;
- use Psr\Http\Message\ServerRequestInterface;
- use Psr\Http\Server\MiddlewareInterface;
- use Psr\Http\Server\RequestHandlerInterface;
- use Shlinkio\Shlink\Rest\Authentication;
- use function implode;
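/**
 * PSR-15 middleware that adds CORS response headers to requests carrying an Origin header.
 *
 * Security notes for maintainers:
 * - The Origin sent by the client is echoed back in Access-Control-Allow-Origin, so any origin
 *   is allowed to read responses. This middleware sets no Access-Control-Allow-Credentials
 *   header; adding one while still echoing the Origin would let any site make credentialed
 *   cross-origin reads, so an origin allow-list must be introduced first.
 * - Because Access-Control-Allow-Origin varies per request, the response is marked with
 *   "Vary: Origin" so shared caches do not serve one origin's response to another.
 */
class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterface
{
    /**
     * Lets the inner handler produce the response, then adds CORS headers to it.
     *
     * Requests without an Origin header get the handler's response unchanged. OPTIONS requests
     * also receive the preflight headers built by addOptionsHeaders().
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $response = $handler->handle($request);
        if (! $request->hasHeader('Origin')) {
            return $response;
        }

        // NOTE(review): getHeader() returns every Origin value received. A request with several
        // Origin headers would produce a multi-valued Access-Control-Allow-Origin header.
        $response = $response
            ->withHeader('Access-Control-Allow-Origin', $request->getHeader('Origin'))
            // The header above depends on the request's Origin, so caches must key on it.
            // withAddedHeader() keeps any Vary value the inner handler already set.
            ->withAddedHeader('Vary', 'Origin')
            ->withHeader('Access-Control-Expose-Headers', implode(', ', [
                Authentication\Plugin\ApiKeyHeaderPlugin::HEADER_NAME,
            ]));

        if ($request->getMethod() !== self::METHOD_OPTIONS) {
            return $response;
        }

        return $this->addOptionsHeaders($request, $response);
    }

    /**
     * Adds the preflight headers: allowed methods, max age and allowed request headers.
     *
     * Allowed methods come from the matched route when the request has one. Otherwise a fixed
     * list of common verbs is advertised.
     */
    private function addOptionsHeaders(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
    {
        /** @var RouteResult|null $matchedRoute */
        $matchedRoute = $request->getAttribute(RouteResult::class);

        // NOTE(review): RouteResult::getAllowedMethods() appears to be nullable in mezzio-router
        // (null for routes that accept any method); confirm against the installed version.
        // The ?? fallback keeps implode() from receiving null in that case.
        $routeMethods = $matchedRoute !== null ? $matchedRoute->getAllowedMethods() : null;
        $matchedMethods = $routeMethods ?? [
            self::METHOD_GET,
            self::METHOD_POST,
            self::METHOD_PUT,
            self::METHOD_PATCH,
            self::METHOD_DELETE,
            self::METHOD_OPTIONS,
        ];

        $corsHeaders = [
            'Access-Control-Allow-Methods' => implode(',', $matchedMethods),
            'Access-Control-Max-Age' => '1000',
            // Echoes whatever headers the browser asked for, so every requested header is allowed.
            'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'),
        ];

        foreach ($corsHeaders as $key => $value) {
            $response = $response->withHeader($key, $value);
        }

        return $response;
    }
}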