CORS configuration options in HTTP DI extension

5 years ago
finwe
Member | 58
+
0
-

I'll be happy to prepare a pull request where

http:
    cors:
        allow-origin:
		    - localhost
		    - live.domain
        allow-methods: [POST, GET, PATCH, OPTIONS, HEAD]
        allow-headers: [Accept, Content-Type, Authorization]

will create headers accordingly in Container initialize method:

$response = $this->getService('http.response');
$response->setHeader('Access-Control-Allow-Headers', 'Accept, Content-Type, Authorization');
$response->setHeader('Access-Control-Allow-Methods', 'POST, GET, PATCH, OPTIONS, HEAD');

$request = $this->getService('http.request');
$origin = $request->getOrigin(); // pseudo code
if (in_array($origin, ['localhost', 'live.domain'])) {
	$response->setHeader('Access-Control-Allow-Origin', $origin);
}