adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-31 09:06:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added option to allowed headers

Browse source
This commit is contained in:
Juan Basso 2014-01-21 15:02:41 -05:00
parent 5d9d62ba57
commit dae756c84a
2 changed files with 37 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/Cake/Network/CakeResponse.php
View file

@ -1263,9 +1263,10 @@ class CakeResponse {
* @param CakeRequest $request Request object * @param CakeRequest $request Request object
* @param string|array $allowedDomains List of allowed domains, see method description for more details * @param string|array $allowedDomains List of allowed domains, see method description for more details
* @param string|array $allowedMethods List of HTTP verbs allowed * @param string|array $allowedMethods List of HTTP verbs allowed
* @param string|array $allowedHeaders List of HTTP headers allowed
* @return void * @return void
*/ */
public function cors(CakeRequest $request, $allowedDomains, $allowedMethods = array()) { public function cors(CakeRequest $request, $allowedDomains, $allowedMethods = array(), $allowedHeaders = array()) {
$origin = $request->header('Origin'); $origin = $request->header('Origin');
if (!$origin) { if (!$origin) {
return; return;
@ -1278,6 +1279,7 @@ class CakeResponse {
} }
$this->header('Access-Control-Allow-Origin', $domain['original'] === '*' ? '*' : $origin); $this->header('Access-Control-Allow-Origin', $domain['original'] === '*' ? '*' : $origin);
$allowedMethods && $this->header('Access-Control-Allow-Methods', implode(', ', (array)$allowedMethods)); $allowedMethods && $this->header('Access-Control-Allow-Methods', implode(', ', (array)$allowedMethods));
$allowedHeaders && $this->header('Access-Control-Allow-Headers', implode(', ', (array)$allowedHeaders));
break; break;
} }
} }

62
lib/Cake/Test/Case/Network/CakeResponseTest.php
View file

@ -1069,31 +1069,33 @@ class CakeResponseTest extends CakeTestCase {
* @param string $origin * @param string $origin
* @param string|array $domains * @param string|array $domains
* @param string|array $methods * @param string|array $methods
* @param string|array $headers
* @param string|boolean $expectedOrigin * @param string|boolean $expectedOrigin
* @param string|boolean $expectedMethods * @param string|boolean $expectedMethods
* @param string|boolean $expectedHeaders
* @return void * @return void
*/ */
public function testCors($request, $origin, $domains, $methods, $expectedOrigin, $expectedMethods) { public function testCors($request, $origin, $domains, $methods, $headers, $expectedOrigin, $expectedMethods = false, $expectedHeaders = false) {
$_SERVER['HTTP_ORIGIN'] = $origin; $_SERVER['HTTP_ORIGIN'] = $origin;
$response = $this->getMock('CakeResponse', array('header')); $response = $this->getMock('CakeResponse', array('header'));
if ($expectedOrigin === false) {
$response->expects($this->never()) $method = $response->expects(!$expectedOrigin ? $this->never() : $this->at(0))->method('header');
->method('header'); $expectedOrigin && $method->with('Access-Control-Allow-Origin', $expectedOrigin ? $expectedOrigin : $this->anything());
} elseif ($expectedMethods === false) {
$response->expects($this->once()) $i = 1;
if ($expectedMethods) {
$response->expects($this->at($i++))
->method('header') ->method('header')
->with('Access-Control-Allow-Origin', $expectedOrigin); ->with('Access-Control-Allow-Methods', $expectedMethods ? $expectedMethods : $this->anything());
} else { }
$response->expects($this->at(0)) if ($expectedHeaders) {
$response->expects($this->at($i++))
->method('header') ->method('header')
->with('Access-Control-Allow-Origin', $expectedOrigin); ->with('Access-Control-Allow-Headers', $expectedHeaders ? $expectedHeaders : $this->anything());
$response->expects($this->at(1))
->method('header')
->with('Access-Control-Allow-Methods', $expectedMethods);
} }
$response->cors($request, $domains, $methods); $response->cors($request, $domains, $methods, $headers);
unset($_SERVER['HTTP_ORIGIN']); unset($_SERVER['HTTP_ORIGIN']);
} }
@ -1112,22 +1114,26 @@ class CakeResponseTest extends CakeTestCase {
->will($this->returnValue(true)); ->will($this->returnValue(true));
return array( return array(
array($fooRequest, null, '*', '', false, false), array($fooRequest, null, '*', '', '', false, false),
array($fooRequest, 'http://www.foo.com', '*', '', '*', false), array($fooRequest, 'http://www.foo.com', '*', '', '', '*', false),
array($fooRequest, 'http://www.foo.com', 'www.foo.com', '', 'http://www.foo.com', false), array($fooRequest, 'http://www.foo.com', 'www.foo.com', '', '', 'http://www.foo.com', false),
array($fooRequest, 'http://www.foo.com', '*.foo.com', '', 'http://www.foo.com', false), array($fooRequest, 'http://www.foo.com', '*.foo.com', '', '', 'http://www.foo.com', false),
array($fooRequest, 'http://www.foo.com', 'http://*.foo.com', '', 'http://www.foo.com', false), array($fooRequest, 'http://www.foo.com', 'http://*.foo.com', '', '', 'http://www.foo.com', false),
array($fooRequest, 'http://www.foo.com', 'https://www.foo.com', '', false, false), array($fooRequest, 'http://www.foo.com', 'https://www.foo.com', '', '', false, false),
array($fooRequest, 'http://www.foo.com', 'https://*.foo.com', '', false, false), array($fooRequest, 'http://www.foo.com', 'https://*.foo.com', '', '', false, false),
array($fooRequest, 'http://www.foo.com', array('*.bar.com', '*.foo.com'), '', 'http://www.foo.com', false), array($fooRequest, 'http://www.foo.com', array('*.bar.com', '*.foo.com'), '', '', 'http://www.foo.com', false),
array($secureRequest, 'https://www.bar.com', 'www.bar.com', '', 'https://www.bar.com', false), array($secureRequest, 'https://www.bar.com', 'www.bar.com', '', '', 'https://www.bar.com', false),
array($secureRequest, 'https://www.bar.com', 'http://www.bar.com', '', false, false), array($secureRequest, 'https://www.bar.com', 'http://www.bar.com', '', '', false, false),
array($secureRequest, 'https://www.bar.com', '*.bar.com', '', 'https://www.bar.com', false), array($secureRequest, 'https://www.bar.com', '*.bar.com', '', '', 'https://www.bar.com', false),
array($fooRequest, 'http://www.foo.com', '*', 'GET', '*', 'GET'), array($fooRequest, 'http://www.foo.com', '*', 'GET', '', '*', 'GET'),
array($fooRequest, 'http://www.foo.com', '*.foo.com', 'GET', 'http://www.foo.com', 'GET'), array($fooRequest, 'http://www.foo.com', '*.foo.com', 'GET', '', 'http://www.foo.com', 'GET'),
array($fooRequest, 'http://www.foo.com', '*.foo.com', array('GET', 'POST'), 'http://www.foo.com', 'GET, POST'), array($fooRequest, 'http://www.foo.com', '*.foo.com', array('GET', 'POST'), '', 'http://www.foo.com', 'GET, POST'),
array($fooRequest, 'http://www.foo.com', '*', '', 'X-CakePHP', '*', false, 'X-CakePHP'),
array($fooRequest, 'http://www.foo.com', '*', '', array('X-CakePHP', 'X-MyApp'), '*', false, 'X-CakePHP, X-MyApp'),
array($fooRequest, 'http://www.foo.com', '*', array('GET', 'OPTIONS'), array('X-CakePHP', 'X-MyApp'), '*', 'GET, OPTIONS', 'X-CakePHP, X-MyApp'),
); );
} }