Add CORS headers on non-Origin requests (#73)

barryvdh · web-flow · commit 6f6a23e3c71d · 2020-04-18T15:17:39.000+02:00
* Always run CORS on actual requests

* Add test that it runs always
diff --git a/src/Cors.php b/src/Cors.php
@@ -45,10 +45,6 @@ public function __construct(HttpKernelInterface $app, array $options = array())
 
     public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
     {
-        if (!$this->cors->isCorsRequest($request)) {
-            return $this->app->handle($request, $type, $catch);
-        }
-
         if ($this->cors->isPreflightRequest($request)) {
             return $this->cors->handlePreflightRequest($request);
         }
diff --git a/tests/CorsTest.php b/tests/CorsTest.php
@@ -22,21 +22,20 @@ class CorsTest extends TestCase
     /**
      * @test
      */
-    public function it_does_not_modify_on_a_request_without_origin()
+    public function it_does_modify_on_a_request_without_origin()
     {
         $app                = $this->createStackedApp();
         $unmodifiedResponse = new Response();
 
         $response = $app->handle(new Request());
 
-        $this->assertEquals($unmodifiedResponse->headers, $response->headers);
+        $this->assertEquals('localhost', $response->headers->get('Access-Control-Allow-Origin'));
     }
 
-
     /**
      * @test
      */
-    public function it_does_not_modify_on_a_request_with_same_origin()
+    public function it_does_modify_on_a_request_with_same_origin()
     {
         $app = $this->createStackedApp(array('allowedOrigins' => array('*')));
         $unmodifiedResponse = new Response();
@@ -45,10 +44,8 @@ public function it_does_not_modify_on_a_request_with_same_origin()
         $request->headers->set('Host', 'foo.com');
         $request->headers->set('Origin', 'http://foo.com');
         $response = $app->handle($request);
-        $unmodifiedResponse->headers->date = '';
-        $response->headers->date = '';
 
-        $this->assertEquals($unmodifiedResponse->headers, $response->headers);
+        $this->assertEquals('*', $response->headers->get('Access-Control-Allow-Origin'));
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -45,10 +45,6 @@ public function __construct(HttpKernelInterface $app, array $options = array())`
`45`	`45`
`46`	`46`	`public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)`
`47`	`47`	`{`
`48`		`- if (!$this->cors->isCorsRequest($request)) {`
`49`		`- return $this->app->handle($request, $type, $catch);`
`50`		`- }`
`51`		`-`
`52`	`48`	`if ($this->cors->isPreflightRequest($request)) {`
`53`	`49`	`return $this->cors->handlePreflightRequest($request);`
`54`	`50`	`}`