-
-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathCors.php
75 lines (60 loc) · 2.12 KB
/
Cors.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
<?php
declare(strict_types=1);
namespace Mezzio\Cors\Service;
use Fig\Http\Message\RequestMethodInterface;
use InvalidArgumentException;
use Mezzio\Cors\Exception\InvalidOriginValueException;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\UriFactoryInterface;
use Psr\Http\Message\UriInterface;
use Webmozart\Assert\Assert;
use function strtoupper;
use function trim;
final class Cors implements CorsInterface
{
/** @var UriFactoryInterface */
private $uriFactory;
public function __construct(UriFactoryInterface $uriFactory)
{
$this->uriFactory = $uriFactory;
}
public function isPreflightRequest(ServerRequestInterface $request): bool
{
return $this->isCorsRequest($request)
&& strtoupper($request->getMethod()) === RequestMethodInterface::METHOD_OPTIONS
&& $request->hasHeader('Access-Control-Request-Method');
}
public function isCorsRequest(ServerRequestInterface $request): bool
{
$origin = $this->origin($request);
if (! $origin instanceof UriInterface) {
return false;
}
$uri = $request->getUri();
return $uri->getScheme() !== $origin->getScheme()
|| $uri->getPort() !== $origin->getPort()
|| $uri->getHost() !== $origin->getHost();
}
private function origin(ServerRequestInterface $request): ?UriInterface
{
$origin = $request->getHeaderLine('Origin');
if (trim($origin) === '') {
return null;
}
try {
return $this->uriFactory->createUri($origin);
} catch (InvalidArgumentException $exception) {
throw InvalidOriginValueException::fromThrowable($origin, $exception);
}
}
public function metadata(ServerRequestInterface $request): CorsMetadata
{
$origin = $this->origin($request);
Assert::isInstanceOf($origin, UriInterface::class);
return new CorsMetadata(
$origin,
$request->getUri(),
strtoupper($request->getHeaderLine('Access-Control-Request-Method') ?: $request->getMethod())
);
}
}