Mirrors/shlink
1
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2026-03-06 23:33:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Ensured CrossDomainMiddleware always returns empty responses with success status on OPTIONS requests

Browse Source
This commit is contained in:
Alejandro Celaya
2020-01-11 20:36:17 +01:00
parent b246815529
commit 09e3464426
4 changed files with 50 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
module/Rest/src/Middleware/CrossDomainMiddleware.php
View File

@@ -5,6 +5,7 @@ declare(strict_types=1);
namespace Shlinkio\Shlink\Rest\Middleware;
use Fig\Http\Message\RequestMethodInterface;
use Laminas\Diactoros\Response\EmptyResponse;
use Mezzio\Router\RouteResult;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
@@ -12,6 +13,7 @@ use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Shlinkio\Shlink\Rest\Authentication;
use function array_merge;
use function implode;
class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterface
@@ -53,10 +55,7 @@ class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterfa
'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'),
];
foreach ($corsHeaders as $key => $value) {
$response = $response->withHeader($key, $value);
}
return $response;
// Options requests should always be empty and have a 204 status code
return EmptyResponse::withHeaders(array_merge($response->getHeaders(), $corsHeaders));
}
}