container = $container; $this->cors = $cors; } /** * Handle the incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return \Illuminate\Http\Response */ public function handle($request, Closure $next) { if (! $this->hasMatchingPath($request)) { return $next($request); } $this->cors->setOptions($this->container['config']->get('cors', [])); if ($this->cors->isPreflightRequest($request)) { $response = $this->cors->handlePreflightRequest($request); $this->cors->varyHeader($response, 'Access-Control-Request-Method'); return $response; } $response = $next($request); if ($request->getMethod() === 'OPTIONS') { $this->cors->varyHeader($response, 'Access-Control-Request-Method'); } return $this->cors->addActualRequestHeaders($response, $request); } /** * Get the path from the configuration to determine if the CORS service should run. * * @param \Illuminate\Http\Request $request * @return bool */ protected function hasMatchingPath(Request $request): bool { $paths = $this->getPathsByHost($request->getHost()); foreach ($paths as $path) { if ($path !== '/') { $path = trim($path, '/'); } if ($request->fullUrlIs($path) || $request->is($path)) { return true; } } return false; } /** * Get the CORS paths for the given host. * * @param string $host * @return array */ protected function getPathsByHost(string $host) { $paths = $this->container['config']->get('cors.paths', []); if (isset($paths[$host])) { return $paths[$host]; } return array_filter($paths, function ($path) { return is_string($path); }); } }