3 // Copyright (c) 2017 Blue Static
5 // This program is free software: you can redistribute it and/or modify it
6 // under the terms of the GNU General Public License as published by the Free
7 // Software Foundation, either version 3 of the License, or any later version.
9 // This program is distributed in the hope that it will be useful, but WITHOUT
10 // ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 // FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 // You should have received a copy of the GNU General Public License along with
15 // this program. If not, see <http://www.gnu.org/licenses/>.
17 namespace hoplite\http
;
19 require_once HOPLITE_ROOT
. '/http/interceptor.php';
20 require_once HOPLITE_ROOT
. '/http/response_code.php';
22 class CorsOptionsInterceptor
implements Interceptor
24 private $allowed_origins = [];
26 public function __construct($allowed_origins = []) {
27 $this->allowed_origins
= $allowed_origins;
30 public function DoIntercept(FrontController
$controller,
31 Action
$action = NULL
,
35 if ($action === NULL
) {
39 // If a CORS pre-flight is in process, interrupt the action flow and
40 // permit the request.
41 if ($request->http_method
== 'OPTIONS' &&
42 isset($request->data
['_SERVER']['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
43 if (in_array($request->data
['_SERVER']['HTTP_ORIGIN'], $this->allowed_origins
)) {
44 $controller->SendResponseCode(ResponseCode
::OK
);
46 $controller->SendResponseCode(ResponseCode
::FORBIDDEN
);