* @license http://www.apache.org/licenses/LICENSE-2.0
 * @link http://phpsx.org
 */
class CORSTest extends FilterTestCase
{
    /**
     * Runs one CORS filter configuration against one request and compares the
     * complete set of response headers with the expected set.
     *
     * Because the whole header array is compared, a row also pins which CORS
     * headers must NOT be emitted (for example: nothing at all when the
     * request carries no Origin header, or when the origin is not accepted).
     *
     * @dataProvider corsProvider
     */
    public function testHandle(
        $allowOrigin,
        array $allowMethods,
        array $allowHeaders,
        $allowCredentials,
        $method,
        array $headers,
        array $expectHeaders,
    ) {
        $incoming = new Request(new Url('http://localhost'), $method, $headers);
        $outgoing = new Response();
        $filter   = new CORS($allowOrigin, $allowMethods, $allowHeaders, $allowCredentials);

        $chain = $this->getFilterChain(true, $incoming, $outgoing);
        $filter->handle($incoming, $outgoing, $chain);

        $this->assertEquals($expectHeaders, $outgoing->getHeaders());
    }

    /**
     * Data sets for testHandle, in the order:
     * allowOrigin, allowMethods, allowHeaders, allowCredentials,
     * request method, request headers, expected response headers.
     *
     * Four origin policies are exercised in every group: null, the wildcard
     * '*', a callback accepting every origin and a callback rejecting every
     * origin. In this table null and the rejecting callback always expect an
     * empty header set.
     *
     * NOTE(review): the accepting callback ignores its argument, so no row
     * covers a callback that compares the origin against an allowlist. The
     * rows only show that an accepted Origin is echoed back together with
     * "vary: Origin"; combined with allowCredentials = true such a callback
     * trusts every site, so it is suitable as a fixture only.
     *
     * NOTE(review): the '*' rows with allowCredentials = true expect
     * "access-control-allow-origin: *" next to
     * "access-control-allow-credentials: true". Browsers refuse credentialed
     * responses whose allowed origin is the wildcard, so this pins a
     * configuration that cannot work for credentialed requests; confirm
     * whether the filter should reject or normalise it instead.
     *
     * NOTE(review): the preflight rows expect "access-control-expose-headers: *"
     * while the simple-request rows expect no expose header. For credentialed
     * requests the wildcard there is read as a literal header name, not as
     * "all headers" - verify this is the intended output.
     */
    public function corsProvider()
    {
        $originTrue  = fn($origin) => true;
        $originFalse = fn($origin) => false;

        $methods = ['GET', 'POST'];
        $allowed = ['Content-Type'];

        // Request header sets shared by the rows below.
        $none   = [];
        $simple = ['Origin' => 'http://foo.example'];
        // The preflight asks for X-PINGOTHER, which is not in $allowed; the
        // expected responses still advertise only Content-Type.
        $preflight = [
            'Origin' => 'http://foo.example',
            'Access-Control-Request-Method' => 'POST',
            'Access-Control-Request-Headers' => 'X-PINGOTHER, Content-Type',
        ];

        return [
            // request without an Origin header, credentials disabled
            [null, $methods, $allowed, false, 'GET', $none, []],
            ['*', $methods, $allowed, false, 'GET', $none, []],
            [$originTrue, $methods, $allowed, false, 'GET', $none, []],
            [$originFalse, $methods, $allowed, false, 'GET', $none, []],

            // request without an Origin header, credentials enabled
            [null, $methods, $allowed, true, 'GET', $none, []],
            ['*', $methods, $allowed, true, 'GET', $none, []],
            [$originTrue, $methods, $allowed, true, 'GET', $none, []],
            [$originFalse, $methods, $allowed, true, 'GET', $none, []],

            // simple request, credentials disabled
            [null, $methods, $allowed, false, 'GET', $simple, []],
            ['*', $methods, $allowed, false, 'GET', $simple, [
                'access-control-allow-origin' => ['*'],
            ]],
            [$originTrue, $methods, $allowed, false, 'GET', $simple, [
                'access-control-allow-origin' => ['http://foo.example'],
                'vary' => ['Origin'],
            ]],
            [$originFalse, $methods, $allowed, false, 'GET', $simple, []],

            // simple request, credentials enabled
            [null, $methods, $allowed, true, 'GET', $simple, []],
            ['*', $methods, $allowed, true, 'GET', $simple, [
                'access-control-allow-origin' => ['*'],
                'access-control-allow-credentials' => ['true'],
            ]],
            [$originTrue, $methods, $allowed, true, 'GET', $simple, [
                'access-control-allow-origin' => ['http://foo.example'],
                'access-control-allow-credentials' => ['true'],
                'vary' => ['Origin'],
            ]],
            [$originFalse, $methods, $allowed, true, 'GET', $simple, []],

            // preflight request, credentials disabled
            [null, $methods, $allowed, false, 'OPTIONS', $preflight, []],
            ['*', $methods, $allowed, false, 'OPTIONS', $preflight, [
                'access-control-allow-origin' => ['*'],
                'access-control-allow-methods' => ['GET, POST'],
                'access-control-allow-headers' => ['Content-Type'],
                'access-control-expose-headers' => ['*'],
            ]],
            [$originTrue, $methods, $allowed, false, 'OPTIONS', $preflight, [
                'access-control-allow-origin' => ['http://foo.example'],
                'access-control-allow-methods' => ['GET, POST'],
                'access-control-allow-headers' => ['Content-Type'],
                'access-control-expose-headers' => ['*'],
                'vary' => ['Origin'],
            ]],
            [$originFalse, $methods, $allowed, false, 'OPTIONS', $preflight, []],

            // preflight request, credentials enabled
            [null, $methods, $allowed, true, 'OPTIONS', $preflight, []],
            ['*', $methods, $allowed, true, 'OPTIONS', $preflight, [
                'access-control-allow-origin' => ['*'],
                'access-control-allow-methods' => ['GET, POST'],
                'access-control-allow-headers' => ['Content-Type'],
                'access-control-allow-credentials' => ['true'],
                'access-control-expose-headers' => ['*'],
            ]],
            [$originTrue, $methods, $allowed, true, 'OPTIONS', $preflight, [
                'access-control-allow-origin' => ['http://foo.example'],
                'access-control-allow-methods' => ['GET, POST'],
                'access-control-allow-headers' => ['Content-Type'],
                'access-control-allow-credentials' => ['true'],
                'access-control-expose-headers' => ['*'],
                'vary' => ['Origin'],
            ]],
            [$originFalse, $methods, $allowed, true, 'OPTIONS', $preflight, []],
        ];
    }

    /**
     * Checks that the filter built by CORS::allowOrigin('*') answers a GET
     * carrying an Origin header with "Access-Control-Allow-Origin: *".
     */
    public function testAllowOrigin()
    {
        $incoming = new Request(new Url('http://localhost'), 'GET', ['Origin' => 'http://foo.example']);
        $outgoing = new Response();

        $filter = CORS::allowOrigin('*');
        $chain  = $this->getFilterChain(true, $incoming, $outgoing);
        $filter->handle($incoming, $outgoing, $chain);

        $this->assertTrue($outgoing->hasHeader('Access-Control-Allow-Origin'));
        $this->assertEquals('*', $outgoing->getHeader('Access-Control-Allow-Origin'));
    }
}
__halt_compiler();----SIGNATURE:----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----ATTACHMENT:----MTU2MDgwNTU2MzkwOTA2NCA1NTM1MTY2NjU3NTAyMTgwIDczMDAxNzM0MDMyNTEyNDA=