public function CorsResponseEventSubscriber::addCorsHeaders in farmOS 2.x
Adds CORS headers to the response.
Parameters
\Symfony\Component\HttpKernel\Event\ResponseEvent $event: The response event.
File
- modules/
core/ api/ src/ EventSubscriber/ CorsResponseEventSubscriber.php, line 49
Class
- CorsResponseEventSubscriber
- Responds to the Kernel Response event to add CORS headers.
Namespace
Drupal\farm_api\EventSubscriberCode
public function addCorsHeaders(ResponseEvent $event) {
// Get the request headers.
$request = $event
->getRequest();
$request_headers = $request->headers
->all();
// Bail if the request has no origin header.
if (empty($request_headers['origin'])) {
return;
}
$request_origin = reset($request_headers['origin']);
// Load allowed_origins from all consumer entities.
$consumers = $this->entityTypeManager
->getStorage('consumer')
->loadMultiple();
$allowed_origins = array_reduce($consumers, function ($carry, $consumer) {
/** @var \Drupal\Core\Field\FieldItemListInterface $list */
$list = $consumer
->get('allowed_origins');
$list_values = array_map(function ($list_item) {
return $list_item['value'] ? trim($list_item['value']) : NULL;
}, $list
->getValue());
return array_merge($carry, $list_values);
}, []);
// Set the response headers if the request origin is allowed.
if (in_array($request_origin, $allowed_origins)) {
$response = $event
->getResponse();
$response->headers
->set('Access-Control-Allow-Origin', $request_origin, TRUE);
$response->headers
->set('Access-Control-Allow-Credentials', 'true', TRUE);
$response->headers
->set('Access-Control-Allow-Headers', 'Content-Type,Content-Disposition,Authorization,X-CSRF-Token', TRUE);
$response->headers
->set('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE,HEAD,OPTIONS', TRUE);
$response->headers
->set('Vary', 'Origin', TRUE);
}
}