CorsResponseEventSubscriber.php in farmOS 2.x
File
modules/core/api/src/EventSubscriber/CorsResponseEventSubscriber.php
View source
<?php
namespace Drupal\farm_api\EventSubscriber;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
class CorsResponseEventSubscriber implements EventSubscriberInterface {
protected $entityTypeManager;
public function __construct(EntityTypeManagerInterface $entity_type_manager) {
$this->entityTypeManager = $entity_type_manager;
}
public static function getSubscribedEvents() {
$events[KernelEvents::RESPONSE][] = [
'addCorsHeaders',
];
return $events;
}
public function addCorsHeaders(ResponseEvent $event) {
$request = $event
->getRequest();
$request_headers = $request->headers
->all();
if (empty($request_headers['origin'])) {
return;
}
$request_origin = reset($request_headers['origin']);
$consumers = $this->entityTypeManager
->getStorage('consumer')
->loadMultiple();
$allowed_origins = array_reduce($consumers, function ($carry, $consumer) {
$list = $consumer
->get('allowed_origins');
$list_values = array_map(function ($list_item) {
return $list_item['value'] ? trim($list_item['value']) : NULL;
}, $list
->getValue());
return array_merge($carry, $list_values);
}, []);
if (in_array($request_origin, $allowed_origins)) {
$response = $event
->getResponse();
$response->headers
->set('Access-Control-Allow-Origin', $request_origin, TRUE);
$response->headers
->set('Access-Control-Allow-Credentials', 'true', TRUE);
$response->headers
->set('Access-Control-Allow-Headers', 'Content-Type,Content-Disposition,Authorization,X-CSRF-Token', TRUE);
$response->headers
->set('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE,HEAD,OPTIONS', TRUE);
$response->headers
->set('Vary', 'Origin', TRUE);
}
}
}