You are here

Home » API reference » CORS 8 » CorsResponseEventSubscriber.php » CorsResponseEventSubscriber

public function CorsResponseEventSubscriber::addCorsHeaders in CORS 8

Adds CORS headers to the response.

Parameters

\Symfony\Component\HttpKernel\Event\FilterResponseEvent $event: The GET response event.

File

src/EventSubscriber/CorsResponseEventSubscriber.php, line 65
Contains Drupal\cors\EventSubscriber\CorsResponseEventSubscriber

Class

CorsResponseEventSubscriber
Response Event Subscriber for adding CORS headers.

Namespace

Drupal\cors\EventSubscriber

Code

public function addCorsHeaders(FilterResponseEvent $event) {
  $domains = $this->config
    ->get('domains');
  $request = $event
    ->getRequest();
  $path_info = $request
    ->getPathInfo();
  $current_path = $this->aliasManager
    ->getPathByAlias($path_info);
  $request_headers = $request->headers
    ->all();
  $headers = array(
    'all' => array(
      'Access-Control-Allow-Origin' => array(),
      'Access-Control-Allow-Credentials' => array(),
    ),
    'OPTIONS' => array(
      'Access-Control-Allow-Methods' => array(),
      'Access-Control-Allow-Headers' => array(),
    ),
  );
  foreach ($domains as $path => $settings) {
    $settings = explode("|", $settings);
    $page_match = $this->pathMatcher
      ->matchPath($current_path, $path);
    if ($current_path != $path_info) {
      $page_match = $page_match || $this->pathMatcher
        ->matchPath($path_info, $path);
    }
    if ($page_match) {
      if (!empty($settings[0])) {
        $origins = explode(',', trim($settings[0]));
        foreach ($origins as $origin) {
          if ($origin === '<mirror>') {
            if (!empty($request_headers['Origin'])) {
              $headers['all']['Access-Control-Allow-Origin'][] = $request_headers['Origin'];
            }
          }
          else {
            $headers['all']['Access-Control-Allow-Origin'][] = $origin;
          }
        }
      }
      if (!empty($settings[1])) {
        $headers['OPTIONS']['Access-Control-Allow-Methods'] = explode(',', trim($settings[1]));
      }
      if (!empty($settings[2])) {
        $headers['OPTIONS']['Access-Control-Allow-Headers'] = explode(',', trim($settings[2]));
      }
      if (!empty($settings[3])) {
        $headers['all']['Access-Control-Allow-Credentials'] = explode(',', trim($settings[3]));
      }
    }
  }
  $response = $event
    ->getResponse();
  foreach ($headers as $method => $allowed) {
    $current_method = $request
      ->getMethod();
    if ($method === 'all' || $method === $current_method) {
      foreach ($allowed as $header => $values) {
        if (!empty($values)) {
          foreach ($values as $value) {
            $response->headers
              ->set($header, $value, TRUE);
          }
        }
      }
    }
  }
}