
protected function Resource::preflight in RESTful 7.2

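Adds the Access-Control-Allow-Origin header and the related Accept, Access-Control-Allow-Credentials and Access-Control-Allow-Methods headers to the response.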

Parameters

string $path: The requested path.

1 call to Resource::preflight()
Resource::discover in src/Plugin/resource/Resource.php
Discovery controller callback.

File

src/Plugin/resource/Resource.php, line 655
Contains \Drupal\restful\Plugin\resource\Resource.

Class

Resource

Namespace

Drupal\restful\Plugin\resource

Code

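/**
 * Adds the content negotiation and CORS headers to the response.
 *
 * Writes to the header bag of restful()->getResponse():
 * - Accept: one entry per available formatter, or only the formatter named in
 *   the plugin definition when one is set.
 * - Access-Control-Allow-Origin and Access-Control-Allow-Credentials: only
 *   when an origin is configured in the plugin definition ('allowOrigin') or
 *   in the 'restful_allowed_origin' variable.
 * - Access-Control-Allow-Methods: the methods of the first controller pattern
 *   that matches $path, excluding methods whose access callback denies access.
 *
 * @param string $path
 *   The requested path.
 *
 * @throws NotImplementedException
 *   If the formatter named in the plugin definition cannot be found.
 */
protected function preflight($path) {
  $plugin_definition = $this->getPluginDefinition();
  $header_bag = restful()->getResponse()->getHeaders();

  // Populate the Accept header.
  $formatter_manager = restful()->getFormatterManager();
  if (empty($plugin_definition['formatter'])) {
    // No formatter is pinned on the resource: advertise every formatter.
    foreach ($formatter_manager->getPlugins() as $formatter) {
      /** @var $formatter \Drupal\restful\Plugin\formatter\FormatterInterface */
      $header_bag->append(HttpHeader::create('Accept', $formatter->getContentTypeHeader()));
    }
  }
  else {
    try {
      $accepted_format = $formatter_manager
        ->getPlugin($plugin_definition['formatter'])
        ->getContentTypeHeader();
      $header_bag->add(HttpHeader::create('Accept', $accepted_format));
    }
    catch (PluginNotFoundException $e) {
      throw new NotImplementedException($e->getMessage());
    }
  }

  // The plugin definition takes precedence over the site-wide variable.
  $allowed_origin = empty($plugin_definition['allowOrigin']) ? variable_get('restful_allowed_origin', NULL) : $plugin_definition['allowOrigin'];

  // Always add the allow origin if configured.
  if ($allowed_origin) {
    // check_plain() only HTML-escapes the value; it does not check that the
    // value is a well-formed origin. The value is read from the plugin
    // definition or the site variable, never from the request.
    $header_bag->add(HttpHeader::create('Access-Control-Allow-Origin', check_plain($allowed_origin)));

    // Credentials cannot be combined with a wildcard origin, so they are only
    // allowed when an explicit origin is configured.
    // NOTE(review): every explicit origin is granted credentialed access, so
    // only an origin that is trusted with the user's session should be set.
    // @see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials
    $accepts_credentials = $allowed_origin == '*' ? 'false' : 'true';
    $header_bag->add(HttpHeader::create('Access-Control-Allow-Credentials', $accepts_credentials));
  }

  // Make sure the Access-Control-Allow-Methods is populated.
  $allowed_methods = array();
  foreach ($this->getControllers() as $pattern => $controllers) {
    // Find the controllers for the provided path.
    // NOTE(review): $pattern is placed between '/' delimiters unescaped, so a
    // controller pattern containing a literal '/' would break the expression.
    if ($pattern == $path || $pattern && preg_match('/' . $pattern . '/', $path)) {
      foreach ($controllers as $method => $controller) {
        if (is_array($controller)) {
          // If there is a custom access method for this endpoint check it.
          // The callback is read from the controller being iterated; reading
          // it from an undefined variable would skip the check and advertise
          // methods the caller has no access to.
          if (!empty($controller['access callback']) && !ResourceManager::executeCallback(array($this, $controller['access callback']), array($path))) {
            // There is no access for this method.
            continue;
          }
        }
        $allowed_methods[] = $method;
      }
      $header_bag->add(HttpHeader::create('Access-Control-Allow-Methods', implode(',', $allowed_methods)));
      // Only the first matching pattern is used.
      break;
    }
  }
}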