-
-
Save socieboy/b05ca941369063300e8d1617088cc449 to your computer and use it in GitHub Desktop.
Cors/Preflight Middleware for Laravel 5.2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| namespace App\Http\Middleware; | |
| use Closure; | |
| use Symfony\Component\HttpFoundation\Response; | |
| class Cors | |
| { | |
| /** | |
| * Handle an incoming request. | |
| * | |
| * @param \Illuminate\Http\Request $request | |
| * @param \Closure $next | |
| * @return mixed | |
| */ | |
| public function handle($request, Closure $next) | |
| { | |
| $response = $next($request); | |
| if( ! $this->isCorsPath($request) ) | |
| { | |
| return $response; | |
| } | |
| if ( $this->isPreflightRequest($request) ) | |
| { | |
| return $this->buildResponse(); | |
| } | |
| return $this->addHeaders($response); | |
| } | |
| /** | |
| * Create a 'Preflight' response. | |
| * | |
| * @return \Illuminate\Http\Response | |
| */ | |
| protected function buildResponse() | |
| { | |
| $response = new Response('', 204); | |
| return $this->addHeaders($response, true ); | |
| } | |
| /** | |
| * Add the cors/preflight header information to the given response. | |
| * | |
| * @param \Symfony\Component\HttpFoundation\Response $response | |
| * @param boolean $preflight | |
| * @return \Illuminate\Http\Response | |
| */ | |
| protected function addHeaders(Response $response, $preflight = false) | |
| { | |
| $headers = [ | |
| 'Access-Control-Allow-Origin' => '*', | |
| // server side credencial support eg. cookies | |
| //'Access-Control-Allow-Credentials' => 'true' | |
| ]; | |
| if ( $preflight ) | |
| { | |
| $headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization'; | |
| $headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, PATCH, DELETE, OPTIONS'; | |
| } | |
| $response->headers->add($headers); | |
| return $response; | |
| } | |
| /** | |
| * Check for a CorsPath request. | |
| * | |
| * @param \Illuminate\Http\Request $request | |
| * @return boolean | |
| */ | |
| protected function isCorsPath($request) | |
| { | |
| return $request->segment(1) == 'api'; | |
| } | |
| /** | |
| * Check for a Preflight request. | |
| * | |
| * @param \Illuminate\Http\Request $request | |
| * @return boolean | |
| */ | |
| protected function isPreflightRequest($request) | |
| { | |
| return $request->isMethod('OPTIONS') && | |
| $request->hasHeader('Access-Control-Request-Method') && | |
| $request->hasHeader('Origin'); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment