Cors::areHeadersAllowed() - Code Metrics - Inspection of "Add support for Access-Control-Allow-Headers" - jdesrosiers/silex-cors-provider - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( dc4a9b...7bca64 )

by Jason

created 2017-03-09 03:29 UTC

Cors::areHeadersAllowed() A

↳ Parent: Cors

Complexity

Conditions	2
Paths	2

Size

Total Lines	9
Code Lines	6

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	6
CRAP Score	2

Importance

Changes

Metric	Value
dl	0
loc	9
ccs	6
cts	6
cp	1
rs	9.6666
c	0
b	0
f	0
cc	2
eloc	6
nc	2
nop	1
crap	2

<?php

namespace JDesrosiers\Silex\Provider;

use Pimple\Container;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class Cors
{
    private $app;

    public function __construct(Container $app)
    {
        $this->app = $app;
    }

    public function __invoke(Request $request, Response $response)
    {
        $response->headers->add($this->corsHeaders($request, $response->headers->get("Allow")));
    }

    private function corsHeaders(Request $request, $allow)
    {
        $headers = [];

        if (!$this->isCorsRequest($request)) {
            return [];
        }

        if ($this->isPreflightRequest($request)) {
            $requestMethod = $request->headers->get("Access-Control-Request-Method");
            if (!$this->isMethodAllowed($requestMethod, $allow)) {
                return [];
            }

            $requestHeaders = $request->headers->get("Access-Control-Request-Headers");
            if (!$this->areHeadersAllowed($requestHeaders)) {
                return [];
            }

            $headers["Access-Control-Allow-Headers"] = $requestHeaders;
            $headers["Access-Control-Allow-Methods"] = $requestMethod;
            $headers["Access-Control-Max-Age"] = $this->app["cors.maxAge"];
        } else {
            $headers["Access-Control-Expose-Headers"] = $this->app["cors.exposeHeaders"];
        }

        $headers["Access-Control-Allow-Origin"] = $this->allowOrigin($request);
        $headers["Access-Control-Allow-Credentials"] = $this->allowCredentials();

        return array_filter($headers);
    }

    private function isCorsRequest(Request $request)
    {
        return $request->headers->has("Origin");
    }

    private function isPreflightRequest(Request $request)
    {
        return $request->getMethod() === "OPTIONS" && $request->headers->has("Access-Control-Request-Method");
    }

    private function isMethodAllowed($requestMethod, $allow)
    {
        $commaSeparatedMethods = !is_null($this->app["cors.allowMethods"]) ? $this->app["cors.allowMethods"] : $allow;
        $allowedMethods = array_filter(preg_split("/\s*,\s*/", $commaSeparatedMethods));
        return in_array($requestMethod, $allowedMethods);
    }

    private function areHeadersAllowed($commaSeparatedRequestHeaders)
    {
        if ($this->app["cors.allowHeaders"] === null) {
            return true;
        }
        $requestHeaders = array_filter(preg_split("/\s*,\s*/", $commaSeparatedRequestHeaders));
        $allowedHeaders = array_filter(preg_split("/\s*,\s*/", $this->app["cors.allowHeaders"]));
        return array_diff($requestHeaders, $allowedHeaders) === [];
    }

    private function allowOrigin(Request $request)
    {
        $origin = $request->headers->get("Origin");
        if ($this->app["cors.allowOrigin"] === "*") {
            $this->app["cors.allowOrigin"] = $origin;
        }

        $origins = array_filter(preg_split('/\s+/', $this->app["cors.allowOrigin"]));
        foreach ($origins as $domain) {
            if (preg_match($this->domainToRegex($domain), $origin)) {
                return $origin;
            }
        }

        return "null";
    }

    private function domainToRegex($domain)
    {
        return "/^" . preg_replace("/^\\\\\*/", "[^.]+", preg_quote($domain, "/")) . "$/";
    }

    private function allowCredentials()
    {
        return $this->app["cors.allowCredentials"] === true ? "true" : null;
    }
}


1		<?php
2
3		namespace JDesrosiers\Silex\Provider;
4
5		use Pimple\Container;
6		use Symfony\Component\HttpFoundation\Request;
7		use Symfony\Component\HttpFoundation\Response;
8
9		class Cors
10		{
11		private $app;
12
13	29	public function __construct(Container $app)
14		{
15	29	$this->app = $app;
16	29	}
17
18	25	public function __invoke(Request $request, Response $response)
19		{
20	25	$response->headers->add($this->corsHeaders($request, $response->headers->get("Allow")));
21	25	}
22
23	25	private function corsHeaders(Request $request, $allow)
24		{
25	25	$headers = [];
26
27	25	if (!$this->isCorsRequest($request)) {
28	2	return [];
29		}
30
31	23	if ($this->isPreflightRequest($request)) {
32	8	$requestMethod = $request->headers->get("Access-Control-Request-Method");
33	8	if (!$this->isMethodAllowed($requestMethod, $allow)) {
34	2	return [];
35		}
36
37	6	$requestHeaders = $request->headers->get("Access-Control-Request-Headers");
38	6	if (!$this->areHeadersAllowed($requestHeaders)) {
39	1	return [];
40		}
41
42	5	$headers["Access-Control-Allow-Headers"] = $requestHeaders;
43	5	$headers["Access-Control-Allow-Methods"] = $requestMethod;
44	5	$headers["Access-Control-Max-Age"] = $this->app["cors.maxAge"];
45	5	} else {
46	15	$headers["Access-Control-Expose-Headers"] = $this->app["cors.exposeHeaders"];
47		}
48
49	20	$headers["Access-Control-Allow-Origin"] = $this->allowOrigin($request);
50	20	$headers["Access-Control-Allow-Credentials"] = $this->allowCredentials();
51
52	20	return array_filter($headers);
53		}
54
55	25	private function isCorsRequest(Request $request)
56		{
57	25	return $request->headers->has("Origin");
58		}
59
60	23	private function isPreflightRequest(Request $request)
61		{
62	23	return $request->getMethod() === "OPTIONS" && $request->headers->has("Access-Control-Request-Method");
63		}
64
65	8	private function isMethodAllowed($requestMethod, $allow)
66		{
67	8	$commaSeparatedMethods = !is_null($this->app["cors.allowMethods"]) ? $this->app["cors.allowMethods"] : $allow;
68	8	$allowedMethods = array_filter(preg_split("/\s,\s/", $commaSeparatedMethods));
69	8	return in_array($requestMethod, $allowedMethods);
70		}
71
72	6	private function areHeadersAllowed($commaSeparatedRequestHeaders)
73		{
74	6	if ($this->app["cors.allowHeaders"] === null) {
75	5	return true;
76		}
77	1	$requestHeaders = array_filter(preg_split("/\s,\s/", $commaSeparatedRequestHeaders));
78	1	$allowedHeaders = array_filter(preg_split("/\s,\s/", $this->app["cors.allowHeaders"]));
79	1	return array_diff($requestHeaders, $allowedHeaders) === [];
80		}
81
82	20	private function allowOrigin(Request $request)
83		{
84	20	$origin = $request->headers->get("Origin");
85	20	if ($this->app["cors.allowOrigin"] === "*") {
86	14	$this->app["cors.allowOrigin"] = $origin;
87	14	}
88
89	20	$origins = array_filter(preg_split('/\s+/', $this->app["cors.allowOrigin"]));
90	20	foreach ($origins as $domain) {
91	20	if (preg_match($this->domainToRegex($domain), $origin)) {
92	19	return $origin;
93		}
94	2	}
95
96	1	return "null";
97		}
98
99	20	private function domainToRegex($domain)
100		{
101	20	return "/^" . preg_replace("/^\\\\\*/", "[^.]+", preg_quote($domain, "/")) . "$/";
102		}
103
104	20	private function allowCredentials()
105		{
106	20	return $this->app["cors.allowCredentials"] === true ? "true" : null;
107		}
108		}
109

jdesrosiers / silex-cors-provider

GitHub Access Token became invalid

Push — master ( dc4a9b...7bca64 )

Cors::areHeadersAllowed() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like