From bd36c65a7347fbea387f2a6c65c4dd59dc76c34b Mon Sep 17 00:00:00 2001
From: Alejandro Celaya
Date: Tue, 5 Jul 2016 19:08:34 +0200
Subject: [PATCH] Fixed some cross-origin issues
---
 config/autoload/routes.global.php | 2 +-
 src/Middleware/CrossDomainMiddleware.php | 13 +++++++------
 src/Middleware/Rest/AuthenticateMiddleware.php | 4 ++++
 src/Middleware/Rest/CreateShortcodeMiddleware.php | 5 +++--
 4 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/config/autoload/routes.global.php b/config/autoload/routes.global.php
index 7ffdbc74..06e5f733 100644
--- a/config/autoload/routes.global.php
+++ b/config/autoload/routes.global.php
@@ -17,7 +17,7 @@ return [
 'name' => 'rest-authenticate',
 'path' => '/rest/authenticate',
 'middleware' => Rest\AuthenticateMiddleware::class,
- 'allowed_methods' => ['POST'],
+ 'allowed_methods' => ['POST', 'OPTIONS'],
 ],
 [
 'name' => 'rest-create-shortcode',
diff --git a/src/Middleware/CrossDomainMiddleware.php b/src/Middleware/CrossDomainMiddleware.php
index c762ed83..c76d4d73 100644
--- a/src/Middleware/CrossDomainMiddleware.php
+++ b/src/Middleware/CrossDomainMiddleware.php
@@ -37,15 +37,16 @@ class CrossDomainMiddleware implements MiddlewareInterface
 /** @var Response $response */
 $response = $out($request, $response);
- if ($request->hasHeader('X-Requested-With')
- && strtolower($request->getHeaderLine('X-Requested-With')) === 'xmlhttprequest'
- ) {
+ if (strtolower($request->getMethod()) === 'options') {
 $response = $response->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
 ->withHeader('Access-Control-Max-Age', '1000')
- ->withHeader('Access-Control-Allow-Origin', '*')
- ->withHeader('Access-Control-Allow-Headers', '*');
+ ->withHeader(
+ // Allow all requested headers
+ 'Access-Control-Allow-Headers',
+ $request->getHeaderLine('Access-Control-Request-Headers')
+ );
 }
- return $response;
+ return $response->withHeader('Access-Control-Allow-Origin', '*');
 }
 }
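Review bot: In src/Middleware/CrossDomainMiddleware.php the preflight branch now copies the client's `Access-Control-Request-Headers` straight into `Access-Control-Allow-Headers`, and `Access-Control-Allow-Origin: *` is attached to every response instead of only XHR-marked ones, so a page on any origin may send any header to the API and read the reply. Since this API has a credential-taking authenticate route, I would answer preflights with a fixed list, e.g. `->withHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization')` (trimmed to what the API actually reads), and take the allowed origin from configuration rather than hard-coding `*`. If the reflection is kept, guard it with `$request->hasHeader('Access-Control-Request-Headers')`, because `getHeaderLine()` returns an empty string when the header is absent and an empty allow-list header is then emitted. The enclosing method starts outside the hunk.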
diff --git a/src/Middleware/Rest/AuthenticateMiddleware.php b/src/Middleware/Rest/AuthenticateMiddleware.php
index 0189b249..85d12330 100644
--- a/src/Middleware/Rest/AuthenticateMiddleware.php
+++ b/src/Middleware/Rest/AuthenticateMiddleware.php
@@ -56,6 +56,10 @@ class AuthenticateMiddleware implements MiddlewareInterface
 */
 public function __invoke(Request $request, Response $response, callable $out = null)
 {
+ if (strtolower($request->getMethod()) === 'options') {
+ return $response;
+ }
+
 $authData = $request->getParsedBody();
 if (! isset($authData['username'], $authData['password'])) {
 return new JsonResponse([
diff --git a/src/Middleware/Rest/CreateShortcodeMiddleware.php b/src/Middleware/Rest/CreateShortcodeMiddleware.php
index 1e723d48..b68c551c 100644
--- a/src/Middleware/Rest/CreateShortcodeMiddleware.php
+++ b/src/Middleware/Rest/CreateShortcodeMiddleware.php
@@ -74,14 +74,15 @@ class CreateShortcodeMiddleware implements MiddlewareInterface
 $longUrl = $postData['longUrl'];
 try {
- $shortcode = $this->urlShortener->urlToShortCode(new Uri($longUrl));
- $shortUrl = (new Uri())->withPath($shortcode)
+ $shortCode = $this->urlShortener->urlToShortCode(new Uri($longUrl));
+ $shortUrl = (new Uri())->withPath($shortCode)
 ->withScheme($this->domainConfig['schema'])
 ->withHost($this->domainConfig['hostname']);
 return new JsonResponse([
 'longUrl' => $longUrl,
 'shortUrl' => $shortUrl->__toString(),
+ 'shortCode' => $shortCode,
 ]);
 } catch (InvalidUrlException $e) {
 return new JsonResponse([
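Review bot: The OPTIONS guard added at the top of `AuthenticateMiddleware::__invoke` handles the preflight inside this one handler only, and the same `strtolower($request->getMethod()) === 'options'` test is repeated in CrossDomainMiddleware. The `rest-create-shortcode` route and CreateShortcodeMiddleware show no matching change in this patch, so a cross-origin POST there would presumably still fail its preflight; that route's `allowed_methods` lies outside the visible hunk, so this needs confirming. Consider answering preflights once in the CORS middleware, or at least add a comment such as `// CORS preflight: nothing to authenticate, return the response unchanged` above the guard. The method body continues past the hunk.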