
public function CorsResponseEventSubscriber::addCorsHeaders in farmOS 2.x

Adds CORS headers to the response when the request's Origin header matches an allowed origin configured on a consumer entity.

Parameters

\Symfony\Component\HttpKernel\Event\ResponseEvent $event: The response event.

File

modules/core/api/src/EventSubscriber/CorsResponseEventSubscriber.php, line 49

Class

CorsResponseEventSubscriber
Responds to the Kernel Response event to add CORS headers.

Namespace

Drupal\farm_api\EventSubscriber

Code

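/**
 * Adds CORS headers to the response.
 *
 * The headers are added only when the request's Origin header exactly matches
 * an allowed_origins value stored on a consumer entity. The matched origin is
 * echoed back together with Access-Control-Allow-Credentials: true, so the
 * comparison is strict and never succeeds on an empty or missing value.
 *
 * @param \Symfony\Component\HttpKernel\Event\ResponseEvent $event
 *   The response event.
 */
public function addCorsHeaders(ResponseEvent $event) {

  // Get the request headers.
  $request_headers = $event->getRequest()->headers->all();

  // Bail if the request has no usable origin header. An empty string or NULL
  // header value must not be compared against the allow-list at all.
  $origin_values = $request_headers['origin'] ?? [];
  if (empty($origin_values)) {
    return;
  }
  $request_origin = reset($origin_values);
  if (!is_string($request_origin) || $request_origin === '') {
    return;
  }

  // Load allowed_origins from all consumer entities, keeping only non-empty
  // trimmed values so that blank field items can never match a request.
  $consumers = $this->entityTypeManager
    ->getStorage('consumer')
    ->loadMultiple();
  $allowed_origins = [];
  foreach ($consumers as $consumer) {

    /** @var \Drupal\Core\Field\FieldItemListInterface $list */
    $list = $consumer->get('allowed_origins');
    foreach ($list->getValue() as $list_item) {
      $value = trim((string) ($list_item['value'] ?? ''));
      if ($value !== '') {
        $allowed_origins[] = $value;
      }
    }
  }

  // Set the response headers if the request origin is allowed. The strict
  // flag avoids PHP's loose comparison rules (e.g. '' == NULL) granting a
  // credentialed CORS response to an origin that is not in the list.
  if (!in_array($request_origin, $allowed_origins, TRUE)) {
    return;
  }

  $headers = $event->getResponse()->headers;
  $headers->set('Access-Control-Allow-Origin', $request_origin, TRUE);
  $headers->set('Access-Control-Allow-Credentials', 'true', TRUE);
  $headers->set('Access-Control-Allow-Headers', 'Content-Type,Content-Disposition,Authorization,X-CSRF-Token', TRUE);
  $headers->set('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE,HEAD,OPTIONS', TRUE);
  // NOTE(review): the TRUE (replace) flag discards any Vary values already set
  // on this response, and Vary is only sent for allowed origins. Confirm that
  // shared caches in front of the site cannot serve a response across origins.
  $headers->set('Vary', 'Origin', TRUE);
}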