php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-26 14:26:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #5423: yii\behaviors\Cors causes "undefined index" error when its cors is configured

Browse Source
This commit is contained in:
Qiang Xue
2014-10-08 23:31:40 -04:00
parent 12a7c38e8e
commit 046b56ce8f
2 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
framework/CHANGELOG.md
View File

@ -9,6 +9,7 @@ Yii Framework 2 Change Log
- Bug #5314: Fixed typo in the implementation of `yii\web\Session::getHasSessionId()` (qiangxue)
- Bug #5323: Nested dropdown does not work for `yii\bootstrap\DropDown` (aryraditya)
- Bug #5336: `yii\bootstrap\DropDown` should register bootstrap plugin asset (zelenin)
- Bug #5423: `yii\behaviors\Cors` causes "undefined index" error when its `cors` is configured (qiangxue)
- Bug: Date and time formatting now assumes UTC as the timezone for input dates unless a timezone is explicitly given (cebe)
- Enh #4040: Added `$viewFile` and `$params` to the `EVENT_BEFORE_RENDER` and `EVENT_AFTER_RENDER` events for `View` (qiangxue)
- Enh #4275: Added `removeChildren()` to `yii\rbac\ManagerInterface` and implementations (samdark)

15
framework/filters/Cors.php
View File

@ -15,7 +15,7 @@ use yii\web\Response;
/**
* Cors filter implements [Cross Origin Resource Sharing](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing).
* Make sure to read carefully what CORS does and does not. CORS do not secure your API,
* but allow the developper to grant access to third party code (ajax calls from external domain)
* but allow the developer to grant access to third party code (ajax calls from external domain)
*
* You may use CORS filter by attaching it as a behavior to a controller or module, like the following,
*
@ -148,7 +148,8 @@ class Cors extends ActionFilter
// handle Origin
if (isset($requestHeaders['Origin'])) {
if ((in_array('*', $this->cors['Origin']) === true)
|| (in_array($requestHeaders['Origin'], $this->cors['Origin']))) {
|| (in_array($requestHeaders['Origin'], $this->cors['Origin']))
) {
$responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin'];
}
}
@ -160,13 +161,11 @@ class Cors extends ActionFilter
$responseHeaders['Access-Control-Allow-Methods'] = implode(', ', $this->cors['Access-Control-Request-Method']);
}
if ($this->cors['Access-Control-Allow-Credentials'] === true) {
$responseHeaders['Access-Control-Allow-Credentials'] = 'true';
} elseif ($this->cors['Access-Control-Allow-Credentials'] === false) {
$responseHeaders['Access-Control-Allow-Credentials'] = 'false';
if (isset($this->cors['Access-Control-Allow-Credentials'])) {
$responseHeaders['Access-Control-Allow-Credentials'] = $this->cors['Access-Control-Allow-Credentials'] ? 'true' : 'false';
}
if (($_SERVER['REQUEST_METHOD'] === 'OPTIONS') && ($this->cors['Access-Control-Max-Age'] !== null)) {
if (isset($this->cors['Access-Control-Max-Age']) && Yii::$app->getRequest()->getIsOptions()) {
$responseHeaders['Access-Control-Max-Age'] = $this->cors['Access-Control-Max-Age'];
}
@ -226,7 +225,7 @@ class Cors extends ActionFilter
*/
protected function headerize($string)
{
$headers = preg_split("/[\s,]+/", $string, -1, PREG_SPLIT_NO_EMPTY);
$headers = preg_split("/[\\s,]+/", $string, -1, PREG_SPLIT_NO_EMPTY);
$headers = array_map(function ($element) {
return str_replace(' ', '-', ucwords(strtolower(str_replace(['_', '-'], [' ', ' '], $element))));
}, $headers);