mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 11:28:25 +00:00
Merge pull request #2692 from jrbasso/2.5-cors
Added support to cross origin requests
This commit is contained in:
Mark Story
commit
6eb5a38f22
2 changed files with 145 additions and 0 deletions
|
|
@ -1240,6 +1240,75 @@ class CakeResponse {
|
|||
$this->_cookies[$options['name']] = $options;
|
||||
}
|
||||
|
||||
/**
|
||||
* Setup access for origin and methods on cross origin requests
|
||||
*
|
||||
* This method allow multiple ways to setup the domains, see the examples
|
||||
*
|
||||
* ### Full URI
|
||||
* e.g `cors($request, 'http://www.cakephp.org');`
|
||||
*
|
||||
* ### URI with wildcard
|
||||
* e.g `cors($request, 'http://*.cakephp.org');`
|
||||
*
|
||||
* ### Ignoring the requested protocol
|
||||
* e.g `cors($request, 'www.cakephp.org');`
|
||||
*
|
||||
* ### Any URI
|
||||
* e.g `cors($request, '*');`
|
||||
*
|
||||
* ### Whitelist of URIs
|
||||
* e.g `cors($request, array('http://www.cakephp.org', '*.google.com', 'https://myproject.github.io'));`
|
||||
*
|
||||
* @param CakeRequest $request Request object
|
||||
* @param string|array $allowedDomains List of allowed domains, see method description for more details
|
||||
* @param string|array $allowedMethods List of HTTP verbs allowed
|
||||
* @param string|array $allowedHeaders List of HTTP headers allowed
|
||||
* @return void
|
||||
*/
|
||||
public function cors(CakeRequest $request, $allowedDomains, $allowedMethods = array(), $allowedHeaders = array()) {
|
||||
$origin = $request->header('Origin');
|
||||
if (!$origin) {
|
||||
return;
|
||||
}
|
||||
|
||||
$allowedDomains = $this->_normalizeCorsDomains((array)$allowedDomains, $request->is('ssl'));
|
||||
foreach ($allowedDomains as $domain) {
|
||||
if (!preg_match($domain['preg'], $origin)) {
|
||||
continue;
|
||||
}
|
||||
$this->header('Access-Control-Allow-Origin', $domain['original'] === '*' ? '*' : $origin);
|
||||
$allowedMethods && $this->header('Access-Control-Allow-Methods', implode(', ', (array)$allowedMethods));
|
||||
$allowedHeaders && $this->header('Access-Control-Allow-Headers', implode(', ', (array)$allowedHeaders));
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Normalize the origin to regular expressions and put in an array format
|
||||
*
|
||||
* @param array $domains
|
||||
* @param boolean $requestIsSSL
|
||||
* @return array
|
||||
*/
|
||||
protected function _normalizeCorsDomains($domains, $requestIsSSL = false) {
|
||||
$result = array();
|
||||
foreach ($domains as $domain) {
|
||||
if ($domain === '*') {
|
||||
$result[] = array('preg' => '@.@', 'original' => '*');
|
||||
continue;
|
||||
}
|
||||
|
||||
$original = $preg = $domain;
|
||||
if (strpos($domain, '://') === false) {
|
||||
$preg = ($requestIsSSL ? 'https://' : 'http://') . $domain;
|
||||
}
|
||||
$preg = '@' . str_replace('*', '.*', $domain) . '@';
|
||||
$result[] = compact('original', 'preg');
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Setup for display or download the given file.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -1061,6 +1061,82 @@ class CakeResponseTest extends CakeTestCase {
|
|||
$this->assertEquals($expected, $result);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test CORS
|
||||
*
|
||||
* @dataProvider corsData
|
||||
* @param CakeRequest $request
|
||||
* @param string $origin
|
||||
* @param string|array $domains
|
||||
* @param string|array $methods
|
||||
* @param string|array $headers
|
||||
* @param string|boolean $expectedOrigin
|
||||
* @param string|boolean $expectedMethods
|
||||
* @param string|boolean $expectedHeaders
|
||||
* @return void
|
||||
*/
|
||||
public function testCors($request, $origin, $domains, $methods, $headers, $expectedOrigin, $expectedMethods = false, $expectedHeaders = false) {
|
||||
$_SERVER['HTTP_ORIGIN'] = $origin;
|
||||
|
||||
$response = $this->getMock('CakeResponse', array('header'));
|
||||
|
||||
$method = $response->expects(!$expectedOrigin ? $this->never() : $this->at(0))->method('header');
|
||||
$expectedOrigin && $method->with('Access-Control-Allow-Origin', $expectedOrigin ? $expectedOrigin : $this->anything());
|
||||
|
||||
$i = 1;
|
||||
if ($expectedMethods) {
|
||||
$response->expects($this->at($i++))
|
||||
->method('header')
|
||||
->with('Access-Control-Allow-Methods', $expectedMethods ? $expectedMethods : $this->anything());
|
||||
}
|
||||
if ($expectedHeaders) {
|
||||
$response->expects($this->at($i++))
|
||||
->method('header')
|
||||
->with('Access-Control-Allow-Headers', $expectedHeaders ? $expectedHeaders : $this->anything());
|
||||
}
|
||||
|
||||
$response->cors($request, $domains, $methods, $headers);
|
||||
unset($_SERVER['HTTP_ORIGIN']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Feed for testCors
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function corsData() {
|
||||
$fooRequest = new CakeRequest();
|
||||
|
||||
$secureRequest = $this->getMock('CakeRequest', array('is'));
|
||||
$secureRequest->expects($this->any())
|
||||
->method('is')
|
||||
->with('ssl')
|
||||
->will($this->returnValue(true));
|
||||
|
||||
return array(
|
||||
array($fooRequest, null, '*', '', '', false, false),
|
||||
array($fooRequest, 'http://www.foo.com', '*', '', '', '*', false),
|
||||
array($fooRequest, 'http://www.foo.com', 'www.foo.com', '', '', 'http://www.foo.com', false),
|
||||
array($fooRequest, 'http://www.foo.com', '*.foo.com', '', '', 'http://www.foo.com', false),
|
||||
array($fooRequest, 'http://www.foo.com', 'http://*.foo.com', '', '', 'http://www.foo.com', false),
|
||||
array($fooRequest, 'http://www.foo.com', 'https://www.foo.com', '', '', false, false),
|
||||
array($fooRequest, 'http://www.foo.com', 'https://*.foo.com', '', '', false, false),
|
||||
array($fooRequest, 'http://www.foo.com', array('*.bar.com', '*.foo.com'), '', '', 'http://www.foo.com', false),
|
||||
|
||||
array($secureRequest, 'https://www.bar.com', 'www.bar.com', '', '', 'https://www.bar.com', false),
|
||||
array($secureRequest, 'https://www.bar.com', 'http://www.bar.com', '', '', false, false),
|
||||
array($secureRequest, 'https://www.bar.com', '*.bar.com', '', '', 'https://www.bar.com', false),
|
||||
|
||||
array($fooRequest, 'http://www.foo.com', '*', 'GET', '', '*', 'GET'),
|
||||
array($fooRequest, 'http://www.foo.com', '*.foo.com', 'GET', '', 'http://www.foo.com', 'GET'),
|
||||
array($fooRequest, 'http://www.foo.com', '*.foo.com', array('GET', 'POST'), '', 'http://www.foo.com', 'GET, POST'),
|
||||
|
||||
array($fooRequest, 'http://www.foo.com', '*', '', 'X-CakePHP', '*', false, 'X-CakePHP'),
|
||||
array($fooRequest, 'http://www.foo.com', '*', '', array('X-CakePHP', 'X-MyApp'), '*', false, 'X-CakePHP, X-MyApp'),
|
||||
array($fooRequest, 'http://www.foo.com', '*', array('GET', 'OPTIONS'), array('X-CakePHP', 'X-MyApp'), '*', 'GET, OPTIONS', 'X-CakePHP, X-MyApp'),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* testFileNotFound
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in a new issue