Make Cors more robust.

Qiang Xue
2015-02-07 22:02:24 -05:00
parent b0efc654f9
commit 4efb36d309


@ -149,15 +149,12 @@ class Cors extends ActionFilter
{ {
$responseHeaders = []; $responseHeaders = [];
// handle Origin // handle Origin
if (isset($requestHeaders['Origin'])) { if (isset($requestHeaders['Origin'], $this->cors['Origin'])) {
if ((in_array('*', $this->cors['Origin']) === true) if (in_array('*', $this->cors['Origin']) || in_array($requestHeaders['Origin'], $this->cors['Origin'])) {
|| (in_array($requestHeaders['Origin'], $this->cors['Origin']))
) {
$responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin']; $responseHeaders['Access-Control-Allow-Origin'] = $requestHeaders['Origin'];
} }
} }
$this->prepareAllowHeaders('Headers', $requestHeaders, $responseHeaders); $this->prepareAllowHeaders('Headers', $requestHeaders, $responseHeaders);
if (isset($requestHeaders['Access-Control-Request-Method'])) { if (isset($requestHeaders['Access-Control-Request-Method'])) {
@ -189,22 +186,23 @@ class Cors extends ActionFilter
{ {
$requestHeaderField = 'Access-Control-Request-' . $type; $requestHeaderField = 'Access-Control-Request-' . $type;
$responseHeaderField = 'Access-Control-Allow-' . $type; $responseHeaderField = 'Access-Control-Allow-' . $type;
if (isset($requestHeaders[$requestHeaderField])) { if (!isset($requestHeaders[$requestHeaderField], $this->cors[$requestHeaderField])) {
if (in_array('*', $this->cors[$requestHeaderField])) { return;
$responseHeaders[$responseHeaderField] = $this->headerize($requestHeaders[$requestHeaderField]); }
} else { if (in_array('*', $this->cors[$requestHeaderField])) {
$requestedData = preg_split("/[\s,]+/", $requestHeaders[$requestHeaderField], -1, PREG_SPLIT_NO_EMPTY); $responseHeaders[$responseHeaderField] = $this->headerize($requestHeaders[$requestHeaderField]);
$acceptedData = []; } else {
foreach ($requestedData as $req) { $requestedData = preg_split("/[\\s,]+/", $requestHeaders[$requestHeaderField], -1, PREG_SPLIT_NO_EMPTY);
$req = $this->headerize($req); $acceptedData = [];
if (in_array($req, $this->cors[$requestHeaderField])) { foreach ($requestedData as $req) {
$acceptedData[] = $req; $req = $this->headerize($req);
} if (in_array($req, $this->cors[$requestHeaderField])) {
} $acceptedData[] = $req;
if (empty($acceptedData) === false) {
$responseHeaders[$responseHeaderField] = implode(', ', $acceptedData);
} }
} }
if (!empty($acceptedData)) {
$responseHeaders[$responseHeaderField] = implode(', ', $acceptedData);
}
} }
} }
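Review bot: In the first hunk's Origin branch, a configured `*` still causes the request's own `Origin` value to be echoed into `Access-Control-Allow-Origin`, so the wildcard acts as "reflect any origin" rather than as a literal `*`. If the credentials header is enabled elsewhere in this filter (not visible in the hunk), browsers would then accept credentialed cross-origin reads from any site, which a literal `*` would have blocked. Consider emitting the wildcard itself, e.g. `$responseHeaders['Access-Control-Allow-Origin'] = in_array('*', $this->cors['Origin'], true) ? '*' : $requestHeaders['Origin'];`, and adding `Vary: Origin` when the value is reflected so caches do not serve one origin's response to another. The `in_array()` calls in both hunks would also be safer with the strict third argument, since loose comparison can match non-string config entries. The enclosing method of the first hunk starts before it and continues after it.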