Return * as origin if configured

wernerdweight · Dec 10, 2019 · bbcde3e · bbcde3e
1 parent fde4c81
commit bbcde3e
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/src/Service/CORSResolver.php b/src/Service/CORSResolver.php
@@ -11,6 +11,7 @@
 use WernerDweight\CORSBundle\Event\GetResponseHeadersEvent;
 use WernerDweight\CORSBundle\Event\PreflightRequestInterceptedEvent;
 use WernerDweight\CORSBundle\Exception\PreflightRequestInterceptedException;
+use WernerDweight\RA\RA;
 
 class CORSResolver
 {
@@ -32,6 +33,8 @@ class CORSResolver
     private const TRUE_VALUE = 'true';
     /** @var string */
     private const HEADER_VALUE_SEPARATOR = ', ';
+    /** @var string */
+    private const ANY_ORIGIN = '*';
 
     /** @var ConfigurationProvider */
     private $configurationProvider;
@@ -70,6 +73,18 @@ public function resolve(Request $request): void
         throw new PreflightRequestInterceptedException($event->getResponse());
     }
 
+    /**
+     * @param RA          $allowOrigin
+     * @param string|null $origin
+     *
+     * @return bool
+     */
+    private function isOriginAllowed(RA $allowOrigin, ?string $origin): bool
+    {
+        return true === $allowOrigin->contains(self::ANY_ORIGIN) ||
+            (null !== $origin && true === $allowOrigin->contains($origin));
+    }
+
     /**
      * @param Request $request
      *
@@ -86,8 +101,8 @@ public function getHeaders(Request $request): array
         $allowOrigin = $this->configurationProvider->getAllowOrigin();
         if ($allowOrigin->length() > 0) {
             $origin = $request->headers->get(self::HEADER_ORIGIN);
-            if (null !== $origin && $allowOrigin->contains($origin)) {
-                $headers[self::HEADER_ALLOW_ORIGIN] = $origin;
+            if (true === $this->isOriginAllowed($allowOrigin, $origin)) {
+                $headers[self::HEADER_ALLOW_ORIGIN] = $origin ?: self::ANY_ORIGIN;
             }
         }