Improved middleware pipeline and added cross-domain headers for ajax requests

config/autoload/middleware-pipeline.global.php

@@ -1,4 +1,5 @@
 <?php
+use Acelaya\UrlShortener\Middleware;
 use Zend\Expressive\Container\ApplicationFactory;
 use Zend\Expressive\Helper;
 
@@ -15,6 +16,20 @@ return [
         'routing' => [
             'middleware' => [
                 ApplicationFactory::ROUTING_MIDDLEWARE,
+            ],
+            'priority' => 10,
+        ],
+
+        'rest' => [
+            'path' => '/rest',
+            'middleware' => [
+                Middleware\CrossDomainMiddleware::class,
+            ],
+            'priority' => 5,
+        ],
+
+        'post-routing' => [
+            'middleware' => [
                 Helper\UrlHelperMiddleware::class,
                 ApplicationFactory::DISPATCH_MIDDLEWARE,
             ],

config/autoload/services.global.php

@@ -49,6 +49,7 @@ return [
             Middleware\Rest\ResolveUrlMiddleware::class => AnnotatedFactory::class,
             Middleware\Rest\GetVisitsMiddleware::class => AnnotatedFactory::class,
             Middleware\Rest\ListShortcodesMiddleware::class => AnnotatedFactory::class,
+            Middleware\CrossDomainMiddleware::class => InvokableFactory::class,
         ],
         'aliases' => [
             'em' => EntityManager::class,

src/Middleware/CrossDomainMiddleware.php

@@ -0,0 +1,51 @@
+<?php
+namespace Acelaya\UrlShortener\Middleware;
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Zend\Stratigility\MiddlewareInterface;
+
+class CrossDomainMiddleware implements MiddlewareInterface
+{
+    /**
+     * Process an incoming request and/or response.
+     *
+     * Accepts a server-side request and a response instance, and does
+     * something with them.
+     *
+     * If the response is not complete and/or further processing would not
+     * interfere with the work done in the middleware, or if the middleware
+     * wants to delegate to another process, it can use the `$out` callable
+     * if present.
+     *
+     * If the middleware does not return a value, execution of the current
+     * request is considered complete, and the response instance provided will
+     * be considered the response to return.
+     *
+     * Alternately, the middleware may return a response instance.
+     *
+     * Often, middleware will `return $out();`, with the assumption that a
+     * later middleware will return a response.
+     *
+     * @param Request $request
+     * @param Response $response
+     * @param null|callable $out
+     * @return null|Response
+     */
+    public function __invoke(Request $request, Response $response, callable $out = null)
+    {
+        /** @var Response $response */
+        $response = $out($request, $response);
+
+        if ($request->hasHeader('X-Requested-With')
+            && strtolower($request->getHeaderLine('X-Requested-With')) === 'xmlhttprequest'
+        ) {
+            $response = $response->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
+                                 ->withHeader('Access-Control-Max-Age', '1000')
+                                 ->withHeader('Access-Control-Allow-Origin', '*')
+                                 ->withHeader('Access-Control-Allow-Headers', '*');
+        }
+
+        return $response;
+    }
+}