|
@@ -45,7 +45,10 @@ class CorsMiddleware extends Middleware
|
45
|
45
|
$response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);
|
46
|
46
|
} elseif ($method == 'OPTIONS') {
|
47
|
47
|
$response = ResponseFactory::fromStatus(ResponseFactory::OK);
|
48
|
|
- $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN, X-Authorization, X-Debug-Info, X-Exception-Name, X-Exception-Message, X-Exception-File');
|
|
48
|
+ $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN, X-Authorization');
|
|
49
|
+ if ($this->debug) {
|
|
50
|
+ $allowHeaders = implode(', ', array_filter([$allowHeaders, 'X-Exception-Name, X-Exception-Message, X-Exception-File']));
|
|
51
|
+ }
|
49
|
52
|
if ($allowHeaders) {
|
50
|
53
|
$response = $response->withHeader('Access-Control-Allow-Headers', $allowHeaders);
|
51
|
54
|
}
|
|
@@ -61,7 +64,10 @@ class CorsMiddleware extends Middleware
|
61
|
64
|
if ($maxAge) {
|
62
|
65
|
$response = $response->withHeader('Access-Control-Max-Age', $maxAge);
|
63
|
66
|
}
|
64
|
|
- $exposeHeaders = $this->getProperty('exposeHeaders', 'X-Debug-Info, X-Exception-Name, X-Exception-Message, X-Exception-File');
|
|
67
|
+ $exposeHeaders = $this->getProperty('exposeHeaders', '');
|
|
68
|
+ if ($this->debug) {
|
|
69
|
+ $exposeHeaders = implode(', ', array_filter([$exposeHeaders, 'X-Exception-Name, X-Exception-Message, X-Exception-File']));
|
|
70
|
+ }
|
65
|
71
|
if ($exposeHeaders) {
|
66
|
72
|
$response = $response->withHeader('Access-Control-Expose-Headers', $exposeHeaders);
|
67
|
73
|
}
|
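Review bot: `X-Debug-Info` is dropped from both defaults but is not in the list re-added under `if ($this->debug)`, so a cross-origin client can no longer send or read it even in debug mode; if that is intended, a comment such as `// X-Debug-Info is deliberately no longer advertised, even in debug mode` would record it, otherwise it belongs in the debug list. The literal `'X-Exception-Name, X-Exception-Message, X-Exception-File'` is now repeated in the Allow-Headers and Expose-Headers hunks, and a single class constant would keep the two lists from drifting apart. The gate only stops the headers being advertised through CORS: an explicitly configured `exposeHeaders` property that still names them is passed through unchanged, and the code that actually emits the `X-Exception-*` headers is not visible here and presumably needs the same debug check so file paths and messages are not sent in production at all. The enclosing method starts and ends outside these hunks.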