Code Coverage for /app/server/src/App/Middleware/CorsMiddleware.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	100.00% covered (success)	100.00%	17 / 17	100.00% covered (success)	100.00%	3 / 3	CRAP	100.00% covered (success)	100.00%	1 / 1
CorsMiddleware	100.00% covered (success)	100.00%	17 / 17	100.00% covered (success)	100.00%	3 / 3	5	100.00% covered (success)	100.00%	1 / 1
__construct	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
process	100.00% covered (success)	100.00%	7 / 7	100.00% covered (success)	100.00%	1 / 1	2
withCorsHeaders	100.00% covered (success)	100.00%	9 / 9	100.00% covered (success)	100.00%	1 / 1	2

1	<?php
2
3	/**
4	* PSR-15 CORS middleware.
5	* Reads Origin from the request and returns it in Access-Control-Allow-Origin (accept that origin).
6	*/
7	declare(strict_types=1);
8
9	use Psr\Http\Message\ResponseFactoryInterface;
10	use Psr\Http\Message\ResponseInterface;
11	use Psr\Http\Message\ServerRequestInterface;
12	use Psr\Http\Server\MiddlewareInterface;
13	use Psr\Http\Server\RequestHandlerInterface;
14
15	class CorsMiddleware implements MiddlewareInterface
16	{
17	private ResponseFactoryInterface $responseFactory;
18
19	public function __construct(ResponseFactoryInterface $responseFactory)
20	{
21	$this->responseFactory = $responseFactory;
22	}
23
24	public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
25	{
26	if (strtoupper($request->getMethod()) === 'OPTIONS') {
27	return $this->withCorsHeaders(
28	$this->responseFactory->createResponse(204),
29	$request
30	)->withHeader('Access-Control-Max-Age', '3600');
31	}
32
33	$response = $handler->handle($request);
34	return $this->withCorsHeaders($response, $request);
35	}
36
37	private function withCorsHeaders(ResponseInterface $response, ServerRequestInterface $request): ResponseInterface
38	{
39	$origin = $request->getHeaderLine('Origin');
40
41	$response = $response
42	->withHeader('Access-Control-Allow-Credentials', 'true')
43	->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS')
44	->withHeader('Access-Control-Allow-Headers', 'Content-Type, Accept-Language, *')
45	->withHeader('Access-Control-Expose-Headers', 'Content-Length, Content-Range');
46
47	if ($origin !== '') {
48	$response = $response->withHeader('Access-Control-Allow-Origin', $origin);
49	}
50
51	return $response;
52	}
53	}
54	?>