CorsMiddleware - Code Metrics - samuelgfeller/slim-starter - Measure and Improve Code Quality continuously with Scrutinizer

CorsMiddleware A
last analyzed 2025-06-13 11:45 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	36
Duplicated Lines	0 %

Test Coverage

Coverage

87.5%

Importance

Changes

Metric	Value
eloc	17
dl	0
loc	36
ccs	14
cts	16
cp	0.875
rs	10
c	0
b	0
f	0
wmc	4

2 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	3	1
A	process()	0	27	3

<?php

namespace App\Application\Middleware;

use App\Infrastructure\Utility\Settings;
use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

/**
 * Adds Access-Control headers to the response.
 * Documentation: https://samuel-gfeller.ch/docs/API-Endpoint.
 */
final class CorsMiddleware implements MiddlewareInterface
{
    private ?string $allowedOrigin;

    public function __construct(private readonly ResponseFactoryInterface $responseFactory, Settings $settings)
    {
        $this->allowedOrigin = $settings->get('api')['allowed_origin'] ?? null;
    }

    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // Handle all "OPTIONS" pre-flight requests with an empty response
        // https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
        if ($request->getMethod() === 'OPTIONS') {
            // Skips the rest of the middleware stack and returns the response
            $response = $this->responseFactory->createResponse();
        } else {
            // Continue with the middleware stack
            $response = $handler->handle($request);
        }
        // Add response headers in post-processing before the response is sent
        // https://samuel-gfeller.ch/docs/Slim-Middlewares#order-of-execution
        $response = $response
            ->withHeader('Access-Control-Allow-Credentials', 'true')
            ->withHeader('Access-Control-Allow-Origin', $this->allowedOrigin ?? '')
            ->withHeader('Access-Control-Allow-Headers', '*')
            ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
            ->withHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
            ->withHeader('Pragma', 'no-cache');

        // Handle warnings and notices, so they won't affect the CORS headers
        if (ob_get_contents()) {
            ob_clean();
        }

        return $response;

    }
}


1		<?php
2
3		namespace App\Application\Middleware;
4
5		use App\Infrastructure\Utility\Settings;
6		use Psr\Http\Message\ResponseFactoryInterface;
7		use Psr\Http\Message\ResponseInterface;
8		use Psr\Http\Message\ServerRequestInterface;
9		use Psr\Http\Server\MiddlewareInterface;
10		use Psr\Http\Server\RequestHandlerInterface;
11
12		/**
13		* Adds Access-Control headers to the response.
14		* Documentation: https://samuel-gfeller.ch/docs/API-Endpoint.
15		*/
16		final class CorsMiddleware implements MiddlewareInterface
17		{
18		private ?string $allowedOrigin;
19
20	1	public function __construct(private readonly ResponseFactoryInterface $responseFactory, Settings $settings)
21		{
22	1	$this->allowedOrigin = $settings->get('api')['allowed_origin'] ?? null;
23		}
24
25	1	public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
26		{
27		// Handle all "OPTIONS" pre-flight requests with an empty response
28		// https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
29	1	if ($request->getMethod() === 'OPTIONS') {
30		// Skips the rest of the middleware stack and returns the response
31		$response = $this->responseFactory->createResponse();
32		} else {
33		// Continue with the middleware stack
34	1	$response = $handler->handle($request);
35		}
36		// Add response headers in post-processing before the response is sent
37		// https://samuel-gfeller.ch/docs/Slim-Middlewares#order-of-execution
38	1	$response = $response
39	1	->withHeader('Access-Control-Allow-Credentials', 'true')
40	1	->withHeader('Access-Control-Allow-Origin', $this->allowedOrigin ?? '')
41	1	->withHeader('Access-Control-Allow-Headers', '*')
42	1	->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
43	1	->withHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
44	1	->withHeader('Pragma', 'no-cache');
45
46		// Handle warnings and notices, so they won't affect the CORS headers
47	1	if (ob_get_contents()) {
48		ob_clean();
49		}
50
51	1	return $response;
		0 ignored issues – show Bug Best Practice introduced 2024-09-25 12:03 UTC by Report Bug Copy Issue Report The expression `return $response` returns the type `Psr\Http\Message\MessageInterface` which includes types incompatible with the type-hinted return `Psr\Http\Message\ResponseInterface`. Loading history...
52		}
53		}
54

samuelgfeller / slim-starter

CorsMiddleware A last analyzed 2025-06-13 11:45 UTC

Complexity

Size/Duplication

Test Coverage

Importance

2 Methods

Duplication Side-by-Side

Filter issues like

CorsMiddleware A
last analyzed 2025-06-13 11:45 UTC