cors_8php_source.html

<?php


namespace Bitrix\Main\Engine\ActionFilter;


use Bitrix\Main;


final class Cors extends Base

{

    private ?string $origin;


    private bool $credentials;


    private ?array $allowedMethods;

    private ?array $allowedHeaders;


    public function __construct(string $origin = null, bool $credentials = false)

    {

        $this->origin = $origin;

        $this->credentials = $credentials;


        parent::__construct();

    }


    public function onBeforeAction(Main\Event $event): void

    {

        $this->setCorsHeaders();

    }


    public function onAfterAction(Main\Event $event): void

    {

        $this->setCorsHeaders();

    }


    public function setAllowedMethods(array $methods): self

    {

        $this->allowedMethods = $methods;

        return $this;

    }


    public function setAllowedHeaders(array $headers): self

    {

        $this->allowedHeaders = $headers;

        return $this;

    }


    private function setCorsHeaders(): void

    {

        $context = Main\Context::getCurrent();

        if (!$context)

        {

            return;

        }


        $response = $context->getResponse();

        $origin = $this->origin ?: $context->getRequest()->getHeader('Origin');

        if ($origin && $response instanceof Main\HttpResponse)

        {

            $currentHttpHeaders = $response->getHeaders();

            if (!$currentHttpHeaders->get('Access-Control-Allow-Origin'))

            {

                $currentHttpHeaders->add('Access-Control-Allow-Origin', $origin);

            }

            if ($this->credentials && !$currentHttpHeaders->get('Access-Control-Allow-Credentials'))

            {

                $currentHttpHeaders->add('Access-Control-Allow-Credentials', 'true');

            }

            if (!empty($this->allowedHeaders) && !$currentHttpHeaders->get('Access-Control-Allow-Headers'))

            {

                $currentHttpHeaders->add('Access-Control-Allow-Headers', implode(',', $this->allowedHeaders));

            }

            if (!empty($this->allowedMethods) && !$currentHttpHeaders->get('Access-Control-Allow-Methods'))

            {

                $currentHttpHeaders->add('Access-Control-Allow-Methods', implode(',', $this->allowedMethods));

            }

        }

    }

}


Bitrix\Main\Engine\ActionFilter\Base
Definition base.php:15

Bitrix\Main\Engine\ActionFilter\Cors
Definition cors.php:13

Bitrix\Main\Engine\ActionFilter\Cors\__construct
__construct(string $origin=null, bool $credentials=false)
Definition cors.php:29

Bitrix\Main\Engine\ActionFilter\Cors\onAfterAction
onAfterAction(Main\Event $event)
Definition cors.php:42

Bitrix\Main\Engine\ActionFilter\Cors\onBeforeAction
onBeforeAction(Main\Event $event)
Definition cors.php:37

Bitrix\Main\Engine\ActionFilter\Cors\setAllowedHeaders
setAllowedHeaders(array $headers)
Definition cors.php:53

Bitrix\Main\Engine\ActionFilter\Cors\setAllowedMethods
setAllowedMethods(array $methods)
Definition cors.php:47

Bitrix\Main\Event
Definition event.php:5

Bitrix\Main\HttpResponse
Definition httpresponse.php:8

Bitrix\Main\Engine\ActionFilter
Definition authentication.php:4

Bitrix\Main