File tree Expand file tree Collapse file tree 3 files changed +29
-8
lines changed Expand file tree Collapse file tree 3 files changed +29
-8
lines changed Original file line number Diff line number Diff line change @@ -45,8 +45,16 @@ public function __construct(HttpKernelInterface $app, array $options = array())
45
45
46
46
public function handle (Request $ request , $ type = HttpKernelInterface::MASTER_REQUEST , $ catch = true )
47
47
{
48
- if ($ this ->cors ->isPreflightRequest ($ request )) {
49
- return $ this ->cors ->handlePreflightRequest ($ request );
48
+ if ($ request ->getMethod () === 'OPTIONS ' ) {
49
+ if ($ this ->cors ->isPreflightRequest ($ request )) {
50
+ $ response = $ this ->cors ->handlePreflightRequest ($ request );
51
+ } else {
52
+ $ response = $ this ->app ->handle ($ request , $ type , $ catch );
53
+ }
54
+
55
+ $ this ->cors ->varyHeader ($ response , 'Access-Control-Request-Method ' );
56
+
57
+ return $ response ;
50
58
}
51
59
52
60
$ response = $ this ->app ->handle ($ request , $ type , $ catch );
Original file line number Diff line number Diff line change @@ -69,9 +69,7 @@ public function isCorsRequest(Request $request)
69
69
70
70
public function isPreflightRequest (Request $ request )
71
71
{
72
- return $ this ->isCorsRequest ($ request )
73
- && $ request ->getMethod () === 'OPTIONS '
74
- && $ request ->headers ->has ('Access-Control-Request-Method ' );
72
+ return $ request ->getMethod () === 'OPTIONS ' && $ request ->headers ->has ('Access-Control-Request-Method ' );
75
73
}
76
74
77
75
public function handlePreflightRequest (Request $ request )
@@ -213,11 +211,11 @@ private function configureMaxAge(Response $response, Request $request)
213
211
}
214
212
}
215
213
216
- private function varyHeader (Response $ response , $ header )
214
+ public function varyHeader (Response $ response , $ header )
217
215
{
218
216
if (!$ response ->headers ->has ('Vary ' )) {
219
217
$ response ->headers ->set ('Vary ' , $ header );
220
- } else {
218
+ } elseif (! in_array ( $ header , explode ( ' , ' , $ response -> headers -> get ( ' Vary ' )))) {
221
219
$ response ->headers ->set ('Vary ' , $ response ->headers ->get ('Vary ' ) . ', ' . $ header );
222
220
}
223
221
}
Original file line number Diff line number Diff line change @@ -105,7 +105,7 @@ public function it_returns_allow_headers_header_on_allow_all_headers_request_cre
105
105
106
106
$ this ->assertEquals (204 , $ response ->getStatusCode ());
107
107
$ this ->assertEquals ('Foo, BAR ' , $ response ->headers ->get ('Access-Control-Allow-Headers ' ));
108
- $ this ->assertEquals ('Access-Control-Request-Headers ' , $ response ->headers ->get ('Vary ' ));
108
+ $ this ->assertStringContainsString ('Access-Control-Request-Headers ' , $ response ->headers ->get ('Vary ' ));
109
109
}
110
110
111
111
/**
@@ -304,6 +304,20 @@ public function it_returns_access_control_headers_on_cors_request_with_pattern_o
304
304
$ this ->assertEquals ('Origin ' , $ response ->headers ->get ('Vary ' ));
305
305
}
306
306
307
+ /**
308
+ * @test
309
+ */
310
+ public function it_adds_vary_headers_on_preflight_non_preflight_options ()
311
+ {
312
+ $ app = $ this ->createStackedApp ();
313
+ $ request = new Request ();
314
+ $ request ->setMethod ('OPTIONS ' );
315
+
316
+ $ response = $ app ->handle ($ request );
317
+
318
+ $ this ->assertEquals ('Access-Control-Request-Method ' , $ response ->headers ->get ('Vary ' ));
319
+ }
320
+
307
321
/**
308
322
* @test
309
323
*/
@@ -316,6 +330,7 @@ public function it_returns_access_control_headers_on_valid_preflight_request()
316
330
317
331
$ this ->assertTrue ($ response ->headers ->has ('Access-Control-Allow-Origin ' ));
318
332
$ this ->assertEquals ('http://localhost ' , $ response ->headers ->get ('Access-Control-Allow-Origin ' ));
333
+ $ this ->assertEquals ('Access-Control-Request-Method ' , $ response ->headers ->get ('Vary ' ));
319
334
}
320
335
321
336
/**
You can’t perform that action at this time.
0 commit comments