From 6c82c3e953df9697bf5337cf4cda074be55c6a19 Mon Sep 17 00:00:00 2001
From: pushrbx
Date: Tue, 23 May 2023 20:30:30 +0100
Subject: [PATCH] improved CORS support once again
---
 app/Http/Middleware/CorsMiddleware.php | 51 ++++++++++++++++----------
 bootstrap/app.php | 1 +
 config/cors.php | 9 +++++
 3 files changed, 42 insertions(+), 19 deletions(-)
 create mode 100644 config/cors.php
diff --git a/app/Http/Middleware/CorsMiddleware.php b/app/Http/Middleware/CorsMiddleware.php
index de8cc4e..6fff41d 100644
--- a/app/Http/Middleware/CorsMiddleware.php
+++ b/app/Http/Middleware/CorsMiddleware.php
@@ -2,36 +2,49 @@ namespace App\Http\Middleware; -use Illuminate\Http\Request; +use Fruitcake\Cors\CorsService; +use Illuminate\Contracts\Container\Container; use Illuminate\Http\Response; use Illuminate\Http\JsonResponse; use Illuminate\Http\RedirectResponse; +use Illuminate\Http\Middleware\HandleCors; use Laravel\Lumen\Http\ResponseFactory; -class CorsMiddleware +class CorsMiddleware extends HandleCors { - public function __construct(private readonly ResponseFactory $responseFactory) + public function __construct(Container $container, CorsService $cors, private readonly ResponseFactory $responseFactory) { + parent::__construct($container, $cors); } - public function handle(Request $request, \Closure $next): Response | JsonResponse | RedirectResponse + public function handle($request, \Closure $next): Response | JsonResponse | RedirectResponse { - if ($request->isMethod('OPTIONS')) { - $headers = [ - 'Access-Control-Allow-Origin' => '*', - 'Access-Control-Allow-Methods' => 'GET, OPTIONS', - 'Access-Control-Max-Age' => '86400', - 'Accept-Control-Allow-Headers' => 'Accept,Accept-Encoding,DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range', - 'Content-Type' => 'text/plain', - 'Content-Length' => '0' - ]; - $response = $this->responseFactory->make("", 204, $headers); - $response->setProtocolVersion("1.1"); - } - else { - $response = $next($request); + if (! 
$this->hasMatchingPath($request)) { + return $next($request); } - return $response; + $this->cors->setOptions($this->container['config']->get('cors', [])); + + if ($this->cors->isPreflightRequest($request)) { + $symfonyResponse = $this->cors->handlePreflightRequest($request); + + $this->cors->varyHeader($symfonyResponse, 'Access-Control-Request-Method'); + $lumenResponse = $this->responseFactory->make($symfonyResponse->getContent(), $symfonyResponse->getStatusCode(), $symfonyResponse->headers->all()); + $lumenResponse->setProtocolVersion("1.1"); + + return $lumenResponse; + } + + $response = $next($request); + + if ($request->getMethod() === 'OPTIONS') { + $this->cors->varyHeader($response, 'Access-Control-Request-Method'); + } + + $symfonyResponse = $this->cors->addActualRequestHeaders($response, $request); + $lumenResponse = $this->responseFactory->make($symfonyResponse->getContent(), $symfonyResponse->getStatusCode(), $symfonyResponse->headers->all()); + $lumenResponse->setProtocolVersion("1.1"); + + return $lumenResponse; } } diff --git a/bootstrap/app.php b/bootstrap/app.php index b08ba5b..99f0156 100644 --- a/bootstrap/app.php +++ b/bootstrap/app.php @@ -83,6 +83,7 @@ if (env('INSIGHTS', false)) { } if (env('CORS_MIDDLEWARE', false)) { + $app->configure('cors'); $globalMiddleware[] = \App\Http\Middleware\CorsMiddleware::class; } diff --git a/config/cors.php b/config/cors.php new file mode 100644 index 0000000..b493858 --- /dev/null +++ b/config/cors.php @@ -0,0 +1,9 @@ + ['*'], + 'allowed_methods' => ['GET', 'OPTIONS'], + 'allowed_origins' => ['*'], + 'allowed_headers' => ['Accept,Accept-Encoding,DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'], + 'max_age' => 86400, + 'supports_credentials' => false, +];
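Review bot: On the non-preflight path, `handle()` rebuilds every downstream response through `$this->responseFactory->make($symfonyResponse->getContent(), …)`, which carries over only the string body, status code and headers. A streamed or file response has no string content to copy, so its body would likely be dropped, and a `JsonResponse` comes back as a plain `Response`. As far as I can tell `addActualRequestHeaders()` sets the CORS headers on the response object it is given, so the copy looks necessary only in the preflight branch, where the service creates a Symfony response; the tail could be `return $this->cors->addActualRequestHeaders($response, $request);`. If the copy is kept on purpose, a one-line comment saying why, and a private helper shared by the two identical conversions, would make that clear.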
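Review bot: `allowed_headers` in config/cors.php is an array with a single element that holds the whole comma-separated list, while the neighbouring `allowed_methods` uses one value per element. The CORS service presumably treats each element as one header name, so any per-header handling would see one long name instead of eleven; I would write it as `'allowed_headers' => ['Accept', 'Accept-Encoding', 'DNT', /* … */ 'Range'],` with each name as its own string. A comment above `allowed_origins` would also help the next maintainer: `// Wildcard origin: keep supports_credentials false; list explicit origins if credentials are ever needed.`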