nas
/
todo_api
Observar 2
Favorito 1
Fork 0
Código Issues 1 Pull requests 0 Versões 0 Wiki Atividade
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
1048 Commits
1 Branch
Tag: 7562ca591c
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 7562ca591c
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/CorsMiddleware.php

CorsMiddleware.php 2.2KB
Histórico Original

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 
  1. <?php

  2. namespace Tqdev\PhpCrudApi\Middleware;

  3. 

  4. use Tqdev\PhpCrudApi\Controller\Responder;

  5. use Tqdev\PhpCrudApi\Record\ErrorCode;

  6. use Tqdev\PhpCrudApi\Request;

  7. use Tqdev\PhpCrudApi\Response;

  8. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  9. 

  10. class CorsMiddleware extends Middleware

  11. {

  12.     private function isOriginAllowed(String $origin, String $allowedOrigins): bool

  13.     {

  14.         $found = false;

  15.         foreach (explode(',', $allowedOrigins) as $allowedOrigin) {

  16.             $hostname = preg_quote(strtolower(trim($allowedOrigin)));

  17.             $regex = '/^' . str_replace('\*', '.*', $hostname) . '$/';

  18.             if (preg_match($regex, $origin)) {

  19.                 $found = true;

  20.                 break;

  21.             }

  22.         }

  23.         return $found;

  24.     }

  25. 

  26.     public function handle(Request $request): Response

  27.     {

  28.         $method = $request->getMethod();

  29.         $origin = $request->getHeader('Origin');

  30.         $allowedOrigins = $this->getProperty('allowedOrigins', '*');

  31.         if ($origin && !$this->isOriginAllowed($origin, $allowedOrigins)) {

  32.             $response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);

  33.         } elseif ($method == 'OPTIONS') {

  34.             $response = new Response(Response::OK, '');

  35.             $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN');

  36.             $response->addHeader('Access-Control-Allow-Headers', $allowHeaders);

  37.             $allowMethods = $this->getProperty('allowMethods', 'OPTIONS, GET, PUT, POST, DELETE, PATCH');

  38.             $response->addHeader('Access-Control-Allow-Methods', $allowMethods);

  39.             $allowCredentials = $this->getProperty('allowCredentials', 'true');

  40.             $response->addHeader('Access-Control-Allow-Credentials', $allowCredentials);

  41.             $maxAge = $this->getProperty('maxAge', '1728000');

  42.             $response->addHeader('Access-Control-Max-Age', $maxAge);

  43.         } else {

  44.             $response = $this->next->handle($request);

  45.         }

  46.         if ($origin) {

  47.             $allowCredentials = $this->getProperty('allowCredentials', 'true');

  48.             $response->addHeader('Access-Control-Allow-Credentials', $allowCredentials);

  49.             $response->addHeader('Access-Control-Allow-Origin', $origin);

  50.         }

  51.         return $response;

  52.     }

  53. }