Make sure Access-Control-Allow-Credentials is always set if configured

Alejandro Celaya
2025-10-03 10:03:42 +02:00
parent 98b504a2de
commit b01f271f72
5 changed files with 54 additions and 19 deletions


@@ -37,7 +37,19 @@ final readonly class CorsOptions
);
}
public function responseWithAllowOrigin(RequestInterface $request, ResponseInterface $response): ResponseInterface
/**
* Creates a new response which contains the CORS headers that apply to provided request
*/
public function responseWithCorsHeaders(RequestInterface $request, ResponseInterface $response): ResponseInterface
{
$response = $this->responseWithAllowOrigin($request, $response);
return $this->allowCredentials ? $response->withHeader('Access-Control-Allow-Credentials', 'true') : $response;
}
/**
* If applicable, a new response with the appropriate Access-Control-Allow-Origin header is returned
*/
private function responseWithAllowOrigin(RequestInterface $request, ResponseInterface $response): ResponseInterface
{
if ($this->allowOrigins === '*') {
return $response->withHeader('Access-Control-Allow-Origin', '*');
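Review bot: In `responseWithCorsHeaders`, the credentials header is added whenever `allowCredentials` is set, including when `responseWithAllowOrigin` has just emitted `Access-Control-Allow-Origin: *`. Browsers refuse credentialed cross-origin responses that carry a wildcard origin, so that combination silently fails on the client. It also tends to get "fixed" later by reflecting the request's `Origin`, which would open credentialed access to any site. Unless the constructor already rejects this pairing (it is not visible in this hunk), guard it here, e.g. `return $this->allowCredentials && $this->allowOrigins !== '*' ? $response->withHeader('Access-Control-Allow-Credentials', 'true') : $response;`, or fail fast when the options are built. The body of `responseWithAllowOrigin` continues past the hunk, so whether the non-wildcard branch adds `Vary: Origin` when echoing a specific origin cannot be checked from here.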