Use bundle to correctly handle CORS for API.

nickygerritsen · nickygerritsen · commit 2b3633528932 · 2024-04-23T18:39:38.000Z
Fixes #2504.
diff --git a/composer.json b/composer.json
@@ -70,6 +70,7 @@
 		"league/commonmark": "^2.3",
 		"mbostock/d3": "^3.5",
 		"nelmio/api-doc-bundle": "^4.11",
+		"nelmio/cors-bundle": "^2.4",
 		"novus/nvd3": "^1.8",
 		"phpdocumentor/reflection-docblock": "^5.3",
 		"phpstan/phpdoc-parser": "^1.25",
diff --git a/composer.lock b/composer.lock
diff --git a/symfony.lock b/symfony.lock
@@ -208,6 +208,18 @@
             "webapp/config/routes/nelmio_api_doc.yaml"
         ]
     },
+    "nelmio/cors-bundle": {
+        "version": "2.4",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "main",
+            "version": "1.5",
+            "ref": "6bea22e6c564fba3a1391615cada1437d0bde39c"
+        },
+        "files": [
+            "webapp/config/packages/nelmio_cors.yaml"
+        ]
+    },
     "nette/schema": {
         "version": "v1.2.2"
     },
diff --git a/webapp/config/bundles.php b/webapp/config/bundles.php
@@ -1,4 +1,4 @@
-<?php declare(strict_types=1);
+<?php
 
 return [
     Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true],
@@ -17,4 +17,5 @@
     DAMA\DoctrineTestBundle\DAMADoctrineTestBundle::class => ['test' => true],
     Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true],
     Sentry\SentryBundle\SentryBundle::class => ['prod' => true],
+    Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true],
 ];
diff --git a/webapp/config/packages/nelmio_cors.yaml b/webapp/config/packages/nelmio_cors.yaml
@@ -0,0 +1,7 @@
+nelmio_cors:
+    paths:
+        '^/api':
+            allow_origin: [ '*' ]
+            allow_credentials: true
+            allow_methods: [ 'POST', 'PUT', 'GET', 'DELETE' ]
+            max_age: 3600
diff --git a/webapp/phpunit.xml.dist b/webapp/phpunit.xml.dist
@@ -17,6 +17,10 @@
         <server name="SHELL_VERBOSITY" value="-1"/>
         <server name="SYMFONY_PHPUNIT_REMOVE" value=""/>
         <server name="SYMFONY_PHPUNIT_VERSION" value="9.6" />
+
+        <!-- ###+ nelmio/cors-bundle ### -->
+        <env name="CORS_ALLOW_ORIGIN" value="'^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'"/>
+        <!-- ###- nelmio/cors-bundle ### -->
     </php>
     <testsuites>
         <testsuite name="Unit tests">
diff --git a/webapp/src/EventListener/ApiHeadersListener.php b/webapp/src/EventListener/ApiHeadersListener.php
