Make Cors more robust.

Qiang Xue
2015-02-07 22:02:24 -05:00
parent b0efc654f9
commit 4efb36d309


@ -149,15 +149,12 @@ class Cors extends ActionFilter
{ {
$responseHeaders = []; $responseHeaders = [];
// handle Origin // handle Origin
if (isset($requestHeaders['Origin'])) { if (isset($requestHeaders['Origin'], $this->cors['Origin'])) {
if ((in_array('*', $this->cors['Origin']) === true) if (in_array('*', $this->cors['Origin']) || in_array($requestHeaders['Origin'], $this->cors['Origin'])) {
|| (in_array($requestHeaders['Origin'], $this->cors['Origin']))
) {
$responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin']; $responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin'];
} }
} }
$this->prepareAllowHeaders('Headers', $requestHeaders, $responseHeaders); $this->prepareAllowHeaders('Headers', $requestHeaders, $responseHeaders);
if (isset($requestHeaders['Access-Control-Request-Method'])) { if (isset($requestHeaders['Access-Control-Request-Method'])) {
@ -189,11 +186,13 @@ class Cors extends ActionFilter
{ {
$requestHeaderField = 'Access-Control-Request-' . $type; $requestHeaderField = 'Access-Control-Request-' . $type;
$responseHeaderField = 'Access-Control-Allow-' . $type; $responseHeaderField = 'Access-Control-Allow-' . $type;
if (isset($requestHeaders[$requestHeaderField])) { if (!isset($requestHeaders[$requestHeaderField], $this->cors[$requestHeaderField])) {
return;
}
if (in_array('*', $this->cors[$requestHeaderField])) { if (in_array('*', $this->cors[$requestHeaderField])) {
$responseHeaders[$responseHeaderField] = $this->headerize($requestHeaders[$requestHeaderField]); $responseHeaders[$responseHeaderField] = $this->headerize($requestHeaders[$requestHeaderField]);
} else { } else {
$requestedData = preg_split("/[\s,]+/", $requestHeaders[$requestHeaderField], -1, PREG_SPLIT_NO_EMPTY); $requestedData = preg_split("/[\\s,]+/", $requestHeaders[$requestHeaderField], -1, PREG_SPLIT_NO_EMPTY);
$acceptedData = []; $acceptedData = [];
foreach ($requestedData as $req) { foreach ($requestedData as $req) {
$req = $this->headerize($req); $req = $this->headerize($req);
@ -201,12 +200,11 @@ class Cors extends ActionFilter
$acceptedData[] = $req; $acceptedData[] = $req;
} }
} }
if (empty($acceptedData) === false) { if (!empty($acceptedData)) {
$responseHeaders[$responseHeaderField] = implode(', ', $acceptedData); $responseHeaders[$responseHeaderField] = implode(', ', $acceptedData);
} }
} }
} }
}
/** /**
* Adds the CORS headers to the response * Adds the CORS headers to the response
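Review bot: In the Origin branch of the first hunk, a configured `*` still causes the request's own `Origin` value to be echoed into `Access-Control-Allow-Origin`, so a wildcard policy behaves as "allow whichever site is calling" rather than as a literal wildcard. If the filter also sends `Access-Control-Allow-Credentials: true` (that part is outside the visible hunks), browsers would accept credentialed cross-origin reads from any site, which is what the specification's ban on `*` with credentials is meant to prevent. I would emit the literal value for the wildcard case, `$responseHeaders['Access-Control-Allow-Origin'] = in_array('*', $this->cors['Origin'], true) ? '*' : $requestHeaders['Origin'];`, and pass `true` as the third argument to the other `in_array()` call so origins are compared strictly. When a specific origin is echoed, a `Vary: Origin` response header is also worth adding so shared caches do not serve one origin's response to another; the method starts and ends outside the hunk, so this may already be handled elsewhere.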