Make Cors more robust.

2025-08-14 06:11:35 +08:00 · 2015-02-07 22:02:24 -05:00
parent b0efc654f9
commit 4efb36d309
1 changed files with 17 additions and 19 deletions
--- a/framework/filters/Cors.php
+++ b/framework/filters/Cors.php
@ -149,15 +149,12 @@ class Cors extends ActionFilter
    {
        $responseHeaders = [];
        // handle Origin
-        if (isset($requestHeaders['Origin'])) {
-            if ((in_array('*', $this->cors['Origin']) === true)
-                || (in_array($requestHeaders['Origin'], $this->cors['Origin']))
-            ) {
+        if (isset($requestHeaders['Origin'], $this->cors['Origin'])) {
+            if (in_array('*', $this->cors['Origin']) || in_array($requestHeaders['Origin'], $this->cors['Origin'])) {
                $responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin'];
            }
        }

-
        $this->prepareAllowHeaders('Headers', $requestHeaders, $responseHeaders);

        if (isset($requestHeaders['Access-Control-Request-Method'])) {
@ -189,22 +186,23 @@ class Cors extends ActionFilter
    {
        $requestHeaderField = 'Access-Control-Request-' . $type;
        $responseHeaderField = 'Access-Control-Allow-' . $type;
-        if (isset($requestHeaders[$requestHeaderField])) {
-            if (in_array('*', $this->cors[$requestHeaderField])) {
-                $responseHeaders[$responseHeaderField] = $this->headerize($requestHeaders[$requestHeaderField]);
-            } else {
-                $requestedData = preg_split("/[\s,]+/", $requestHeaders[$requestHeaderField], -1, PREG_SPLIT_NO_EMPTY);
-                $acceptedData = [];
-                foreach ($requestedData as $req) {
-                    $req = $this->headerize($req);
-                    if (in_array($req, $this->cors[$requestHeaderField])) {
-                        $acceptedData[] = $req;
-                    }
-                }
-                if (empty($acceptedData) === false) {
-                    $responseHeaders[$responseHeaderField] = implode(', ', $acceptedData);
+        if (!isset($requestHeaders[$requestHeaderField], $this->cors[$requestHeaderField])) {
+            return;
+        }
+        if (in_array('*', $this->cors[$requestHeaderField])) {
+            $responseHeaders[$responseHeaderField] = $this->headerize($requestHeaders[$requestHeaderField]);
+        } else {
+            $requestedData = preg_split("/[\\s,]+/", $requestHeaders[$requestHeaderField], -1, PREG_SPLIT_NO_EMPTY);
+            $acceptedData = [];
+            foreach ($requestedData as $req) {
+                $req = $this->headerize($req);
+                if (in_array($req, $this->cors[$requestHeaderField])) {
+                    $acceptedData[] = $req;
                }
            }
+            if (!empty($acceptedData)) {
+                $responseHeaders[$responseHeaderField] = implode(', ', $acceptedData);
+            }
        }
    }