|
1
|
|
|
<?php |
|
2
|
|
|
namespace Shlinkio\Shlink\Rest\Middleware; |
|
3
|
|
|
|
|
4
|
|
|
use Interop\Http\ServerMiddleware\DelegateInterface; |
|
5
|
|
|
use Interop\Http\ServerMiddleware\MiddlewareInterface; |
|
6
|
|
|
use Psr\Http\Message\ResponseInterface as Response; |
|
7
|
|
|
use Psr\Http\Message\ServerRequestInterface as Request; |
|
8
|
|
|
|
|
9
|
|
|
class CrossDomainMiddleware implements MiddlewareInterface |
|
10
|
|
|
{ |
|
11
|
|
|
/** |
|
12
|
|
|
* Process an incoming server request and return a response, optionally delegating |
|
13
|
|
|
* to the next middleware component to create the response. |
|
14
|
|
|
* |
|
15
|
|
|
* @param Request $request |
|
16
|
|
|
* @param DelegateInterface $delegate |
|
17
|
|
|
* |
|
18
|
|
|
* @return Response |
|
19
|
|
|
*/ |
|
20
|
3 |
|
public function process(Request $request, DelegateInterface $delegate) |
|
21
|
|
|
{ |
|
22
|
|
|
/** @var Response $response */ |
|
23
|
3 |
|
$response = $delegate->process($request); |
|
24
|
3 |
|
if (! $request->hasHeader('Origin')) { |
|
25
|
1 |
|
return $response; |
|
26
|
|
|
} |
|
27
|
|
|
|
|
28
|
|
|
// Add Allow-Origin header |
|
29
|
2 |
|
$response = $response->withHeader('Access-Control-Allow-Origin', $request->getHeader('Origin')) |
|
30
|
2 |
|
->withHeader('Access-Control-Expose-Headers', 'Authorization'); |
|
31
|
2 |
|
if ($request->getMethod() !== 'OPTIONS') { |
|
32
|
1 |
|
return $response; |
|
33
|
|
|
} |
|
34
|
|
|
|
|
35
|
|
|
// Add OPTIONS-specific headers |
|
36
|
|
|
foreach ([ |
|
37
|
1 |
|
'Access-Control-Allow-Methods' => 'GET,POST,PUT,DELETE,OPTIONS', // TODO Should be based on path |
|
38
|
1 |
|
'Access-Control-Max-Age' => '1000', |
|
39
|
1 |
|
'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'), |
|
40
|
1 |
|
] as $key => $value) { |
|
41
|
1 |
|
$response = $response->withHeader($key, $value); |
|
42
|
1 |
|
} |
|
43
|
|
|
|
|
44
|
1 |
|
return $response; |
|
45
|
|
|
} |
|
46
|
|
|
} |
|
47
|
|
|
|
shlinkio /
shlink
