Closed MacDada closed 7 years ago
That would be a really great feature for the CORS protocol to define natively. But since it doesn't it would be great for a library like this to handle it. Could you submit a pull request with your modifications? That would be the quickest way to get it released to everyone.
Yeah, but I need to rethink how would it be implemented "the proper way". In my project, for now, it is just a little hacking:
Cors
:
private function allowOrigin(Request $request)
{
if ($this->app["cors.allowOrigin"] === '*') {
$this->app["cors.allowOrigin"] = null;
}
$origin = $request->headers->get("Origin");
if (is_null($this->app["cors.allowOrigin"])) {
$this->app["cors.allowOrigin"] = $origin;
}
$originDomain = $this->parseUrlDomain($origin);
if (false === $originDomain) {
return false;
}
return in_array($originDomain, preg_split('/\s+/', $this->app["cors.allowOrigin"])) ? $origin : "null";
}
private function parseUrlDomain($url)
{
$host = parse_url($url, PHP_URL_HOST);
if (false === $host) {
return false;
}
$hostNames = explode('.', $host);
// last 2 components ("example.com" from "m.example.com")
return $hostNames[count($hostNames) - 2].'.'.$hostNames[count($hostNames) - 1];
}
Usage in App
:
protected function enableCorsRequests(array $allowedDomains)
{
$this->register(new \JDesrosiers\Silex\Provider\CorsServiceProvider(), [
'cors.allowMethods' => 'GET,POST',
'cors.allowOrigin' => join(' ', $allowedDomains),
]);
$app = $this;
$this['cors'] = $this->share(function () use ($app) {
return new My\Overriden\Cors($app);
});
$this->after($this['cors']);
}
BTW, this would break for example on http://example.co.uk
:
$hostNames[count($hostNames) - 2].'.'.$hostNames[count($hostNames) - 1];
I have a basic implementation of this on master now if you want to check it out.
Hi,
in my app I cannot specify all exact hosts that should be accepted. I need to whitelist all subdomains for some domain. Whitelisting any protocol would be nice as well (although I need two,
http
andhttps
, so it's not much duplication).I don't want to do:
http://example.com https://example.com http://mobile.example.com https://mobile.example.com
… I don't even know which subdomains are ok, I need them all.I want to do something like
*.example.com
and this should match all the above.I've implemented it myself, but it required copy–pasting and modifying
Cors
class, as it's not extensible in any way (no composition and its methods are private).