From 9d8678a9b18e60f792c40ba989d5c8f1ce0694db Mon Sep 17 00:00:00 2001
From: smarcet
Date: Fri, 23 Oct 2020 17:32:00 -0300
Subject: [PATCH] Updated CORS middleware
Change-Id: If0b274bf6d3ff334e7c2005ac3213f580e3b2f68
Signed-off-by: smarcet
---
 app/Http/Kernel.php | 2 +-
 composer.json | 7 ++---
 composer.lock | 62 +++++++++++++++++++++++++++++++++++++++++++-
 config/cors.php | 63 +++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 129 insertions(+), 5 deletions(-)
 create mode 100644 config/cors.php
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 7d9ad205..09cf0037 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -71,7 +71,7 @@ class Kernel extends HttpKernel
 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
 'csrf' => \App\Http\Middleware\VerifyCsrfToken::class,
 'oauth2.endpoint' => \App\Http\Middleware\OAuth2BearerAccessTokenRequestValidator::class,
- 'cors' => \App\Http\Middleware\CORSMiddleware::class,
+ 'cors' => \Spatie\Cors\Cors::class,
 'oauth2.currentuser.serveradmin' => \App\Http\Middleware\CurrentUserIsOAuth2ServerAdmin::class,
 'oauth2.currentuser.serveradmin.json' => \App\Http\Middleware\CurrentUserIsOAuth2ServerAdminJson::class,
 'openstackid.currentuser.serveradmin' => \App\Http\Middleware\CurrentUserIsOpenIdServerAdmin::class,
diff --git a/composer.json b/composer.json
index 0136ec12..75db37f4 100644
--- a/composer.json
+++ b/composer.json
@@ -26,6 +26,7 @@
 "ext-json": "*",
 "ext-pdo": "*",
 "beberlei/DoctrineExtensions": "1.1.5",
+ "behat/transliterator": "^1.2",
 "doctrine/orm": "2.6.4",
 "doctrine/persistence": "1.1.1",
 "ezyang/htmlpurifier": "v4.12.0",
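Review bot: The `'cors'` alias in app/Http/Kernel.php sits in what looks like the route-middleware map (its neighbours are `'throttle'` and `'csrf'`; the property name is outside the hunk), so `\Spatie\Cors\Cors` will run only on routes that opt in. Browsers send the preflight as an `OPTIONS` request, and Laravel answers `OPTIONS` for routes that do not register that verb without running their route middleware, so preflights may come back without CORS headers; this is worth confirming with a test, or the class could be registered in the global `$middleware` list instead. The removed `CORSMiddleware` is not shown here, so if it validated origins per client or per endpoint, that check is gone after this swap and should be called out in the commit message. A comment such as `// CORS policy is now defined in config/cors.php (spatie/laravel-cors)` above the entry would tell maintainers where the policy lives.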
@@ -42,16 +43,16 @@
 "laravel/framework": "5.6.39",
 "laravel/tinker": "^1.0",
 "laravelcollective/html": "5.6.10",
+ "php-opencloud/openstack": "dev-master",
 "phpseclib/phpseclib": "2.0.11",
 "predis/predis": "v1.0.4",
 "s-ichikawa/laravel-sendgrid-driver": "2.1.0",
 "smarcet/jose4php": "1.0.17",
 "sokil/php-isocodes": "^3.0",
+ "spatie/laravel-cors": "^1.6",
 "vladimir-yuldashev/laravel-queue-rabbitmq": "v7.5.0",
 "zendframework/zend-crypt": "3.3.0",
- "zendframework/zend-math": "3.1.1",
- "behat/transliterator": "^1.2",
- "php-opencloud/openstack": "dev-master"
+ "zendframework/zend-math": "3.1.1"
 },
 "require-dev": {
 "filp/whoops": "^2.0",
diff --git a/composer.lock b/composer.lock
index 652ed357..a24f7340 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "854ef28a2d0791b40effd8e07aac9fbd", + "content-hash": "5a4009cbd3ca88e6d46b717bd410d1f2", "packages": [ { "name": "beberlei/doctrineextensions",
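Review bot: The new `"spatie/laravel-cors": "^1.6"` requirement in composer.json pulls in a package that the lock file in this same commit records as `"abandoned": "laravel/framework"`, with the locked release dated 2019-09-04, so a security-relevant control is being moved onto code that will presumably receive no further fixes. The suggested replacement is CORS support in the framework itself, which the pinned `"laravel/framework": "5.6.39"` likely predates, so the choice should be recorded in the commit message or README together with a plan to revisit it at the next framework upgrade. The rest of the hunk only re-sorts existing entries; `"php-opencloud/openstack": "dev-master"` is moved rather than added, but it remains a branch reference whose exact revision is fixed only by composer.lock.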
@@ -4305,6 +4305,66 @@ "description": "ISO country, subdivision, language, currency and script definitions and their translations. Based on pythons pycountry and Debian's iso-codes.", "time": "2020-05-28T22:28:43+00:00" }, + { + "name": "spatie/laravel-cors", + "version": "1.6.0", + "source": { + "type": "git", + "url": "https://github.com/spatie/laravel-cors.git", + "reference": "d74099d57821d5a72ae21416c0be0dcd58779355" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/spatie/laravel-cors/zipball/d74099d57821d5a72ae21416c0be0dcd58779355", + "reference": "d74099d57821d5a72ae21416c0be0dcd58779355", + "shasum": "" + }, + "require": { + "illuminate/support": "5.5.*|5.6.*|5.7.*|5.8.*|^6.0", + "php": "^7.2" + }, + "require-dev": { + "orchestra/testbench": "3.5.*|3.6.*|3.7.*|3.8.*|^4.0", + "phpunit/phpunit": "^8.0" + }, + "type": "library", + "extra": { + "laravel": { + "providers": [ + "Spatie\\Cors\\CorsServiceProvider" + ] + } + }, + "autoload": { + "psr-4": { + "Spatie\\Cors\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Freek Van der Herten", + "email": "freek@spatie.be", + "homepage": "https://spatie.be", + "role": "Developer" + } + ], + "description": "Send CORS headers in a Laravel or Lumen application", + "homepage": "https://github.com/spatie/laravel-cors", + "keywords": [ + "ajax", + "api", + "cors", + "laravel-cors", + "request", + "spatie" + ], + "abandoned": "laravel/framework", + "time": "2019-09-04T06:55:15+00:00" + }, { "name": "swiftmailer/swiftmailer", "version": "v6.2.3",
diff --git a/config/cors.php b/config/cors.php
new file mode 100644
index 00000000..5e86b754
--- /dev/null
+++ b/config/cors.php
@@ -0,0 +1,63 @@
+ Spatie\Cors\CorsProfile\DefaultProfile::class,
+
+ /*
+ * This configuration is used by `DefaultProfile`.
+ */
+ 'default_profile' => [
+
+ 'allow_credentials' => false,
+
+ 'allow_origins' => [
+ '*',
+ ],
+
+ 'allow_methods' => [
+ 'POST',
+ 'GET',
+ 'OPTIONS',
+ 'PUT',
+ 'PATCH',
+ 'DELETE',
+ ],
+
+ 'allow_headers' => [
+ 'Accept',
+ 'Content-Type',
+ 'X-Auth-Token',
+ 'Origin',
+ 'Authorization',
+ 'X-Requested-With',
+ ],
+
+ 'expose_headers' => [
+ 'Cache-Control',
+ 'Content-Language',
+ 'Content-Type',
+ 'Expires',
+ 'Last-Modified',
+ 'Pragma',
+ ],
+
+ 'forbidden_response' => [
+ 'message' => 'Forbidden (cors).',
+ 'status' => 403,
+ ],
+
+ /*
+ * Preflight request will respond with value for the max age header.
+ */
+ 'max_age' => 60 * 60 * 24,
+ ],
+];
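Review bot: `'allow_origins' => ['*']` together with `'Authorization'` and `'X-Auth-Token'` in `allow_headers` lets a page on any origin send token-bearing requests to every route behind the `cors` middleware and read the responses, which is a wide default for what the Kernel entries suggest is an OAuth2/OpenID server. `'allow_credentials' => false` keeps cookies out of cross-origin calls, but that safeguard is a single line next to the wildcard and deserves a comment such as `// must stay false while allow_origins contains '*'`. Prefer an explicit origin list, for example `'allow_origins' => array_filter(explode(',', env('CORS_ALLOWED_ORIGINS', ''))),` (the variable name is a placeholder), and trim `allow_methods` to the verbs cross-origin callers actually need. `'max_age' => 60 * 60 * 24` asks browsers to cache a preflight result for up to a day, which can delay the effect of any later tightening. The hunk header announces 63 lines but the opening lines of the file are not visible on this page, so this covers only the `default_profile` array.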