Improved CORS support

Author: Raaghu

.gitlab-ci.yml

@@ -1,31 +1,30 @@
-before_script:
-  - bash ci/docker_install.sh
-
-test_5.4:
-  image : phpplatform/php-apache-xdebug-composer:5.4
-  script :
-    - ./vendor/bin/phpunit -c ci/phpunit.xml
-
-test_5.5:
-  image : phpplatform/php-apache-xdebug-composer:5.5
-  script :
-    - ./vendor/bin/phpunit -c ci/phpunit.xml
-
-test_5.6:
-  image : phpplatform/php-apache-xdebug-composer:5.6
-  script :
-    - ./vendor/bin/phpunit -c ci/phpunit.xml
-
-test_7.0:
-  image : phpplatform/php-apache-xdebug-composer:7.0
-  script :
-    - ./vendor/bin/phpunit -c ci/phpunit.xml
-
-test_7.1:
-  image : phpplatform/php-apache-xdebug-composer:7.1
-  script :
-    - ./vendor/bin/phpunit -c ci/phpunit.xml
-
-after_script:
-  - bash <(curl -s https://codecov.io/bash) -t c09c03aa-44ab-4b07-934e-f20fd3a604c1
-  - cat /var/log/apache2/error.log
+before_script:
+  - bash ci/docker_install.sh
+
+test_5.4:
+  image : phpplatform/php-apache-xdebug-composer:5.4
+  script :
+    - ./vendor/bin/phpunit -c ci/phpunit.xml
+
+test_5.5:
+  image : phpplatform/php-apache-xdebug-composer:5.5
+  script :
+    - ./vendor/bin/phpunit -c ci/phpunit.xml
+
+test_5.6:
+  image : phpplatform/php-apache-xdebug-composer:5.6
+  script :
+    - ./vendor/bin/phpunit -c ci/phpunit.xml
+
+test_7.0:
+  image : phpplatform/php-apache-xdebug-composer:7.0
+  script :
+    - ./vendor/bin/phpunit -c ci/phpunit.xml
+
+test_7.1:
+  image : phpplatform/php-apache-xdebug-composer:7.1
+  script :
+    - ./vendor/bin/phpunit -c ci/phpunit.xml
+
+after_script:
+  - bash <(curl -s https://codecov.io/bash) -t c09c03aa-44ab-4b07-934e-f20fd3a604c1

README.md

@@ -168,15 +168,36 @@ CORS configurations enables CORS (Cross Origin Resource Sharing) authentication
 
 ``` JSON
 "CORS":{
-    "AllowedOrigins":[
+    "AllowOrigins":[
     ],
-    "AllowedMethods":[
+    "AllowMethods":[
     ],
-    "AllowedHeaders":[
+    "AllowHeaders":[
     ],
     "AllowCredentials":false,
     "MaxAge":1000
 }
 ```
 
-Details of these can be found in [https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)
+Details of these can be found in [https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)
+
+##### Access-Control-* Headers 
+
+  * **Access-Control-Allow-Origin**
+  This header is set to `origin` header in the request only if that `origin` is listed in `CORS.AllowOrigins` configuration
+  
+  * **Access-Control-Allow-Methods**
+  Comma seperated Methods configured in `CORS.AllowMethods`
+  
+  * **Access-Control-Allow-Headers**
+  Comma seperated Headers configured in `CORS.AllowHeaders`
+  
+  * **Access-Control-Allow-Credentials**
+  True/False configured in `CORS.AllowCredentials`
+  
+  * **Access-Control-Max-Age**
+  number of seconds configured in `CORS.MaxAge`
+  
+  * **Access-Control-Exposed-Headers**
+  Comma separated names of headers explicitely set in HTTPResponse object from the service
+  

config.json

@@ -1,48 +1,45 @@
 {
-    "serializers":{
-        "string":{
-            "text/plain":"PhpPlatform\\RESTFul\\Serialization\\StringToPlainTextSerialization"
+    "serializers": {
+        "string": {
+            "text/plain": "PhpPlatform\\RESTFul\\Serialization\\StringToPlainTextSerialization"
         },
-        "array":{
-            "application/json":"PhpPlatform\\RESTFul\\Serialization\\ArrayToJsonSerialization"
+        "array": {
+            "application/json": "PhpPlatform\\RESTFul\\Serialization\\ArrayToJsonSerialization"
         },
-        "SimpleXMLElement":{
-            "application/xml":"PhpPlatform\\RESTFul\\Serialization\\SimpleXMLElementToXmlSerialization"
+        "SimpleXMLElement": {
+            "application/xml": "PhpPlatform\\RESTFul\\Serialization\\SimpleXMLElementToXmlSerialization"
         }
     },
-    "deserializers":{
-        "application/json":{
-            "array":"PhpPlatform\\RESTFul\\Serialization\\ArrayToJsonSerialization"
+    "deserializers": {
+        "application/json": {
+            "array": "PhpPlatform\\RESTFul\\Serialization\\ArrayToJsonSerialization"
         },
-        "application/xml":{
-            "SimpleXMLElement":"PhpPlatform\\RESTFul\\Serialization\\SimpleXMLElementToXmlSerialization"
+        "application/xml": {
+            "SimpleXMLElement": "PhpPlatform\\RESTFul\\Serialization\\SimpleXMLElementToXmlSerialization"
         },
-        "multipart/form-data":{
-            "array":"PhpPlatform\\RESTFul\\Serialization\\MultiPartFormToArrayDeserialization"
+        "multipart/form-data": {
+            "array": "PhpPlatform\\RESTFul\\Serialization\\MultiPartFormToArrayDeserialization"
         },
-        "application/x-www-form-urlencoded":{
-            "array":"PhpPlatform\\RESTFul\\Serialization\\FormToArrayDeserialization"
+        "application/x-www-form-urlencoded": {
+            "array": "PhpPlatform\\RESTFul\\Serialization\\FormToArrayDeserialization"
         },
-        "text/plain":{
-            "string":"PhpPlatform\\RESTFul\\Serialization\\StringToPlainTextSerialization"
+        "text/plain": {
+            "string": "PhpPlatform\\RESTFul\\Serialization\\StringToPlainTextSerialization"
         }
     },
-    "routes":{
-
+    "routes": {
+        
     },
-    "recaptcha":{
-	    "enable":false,
-	    "secret":"",
-	    "url":"https://www.google.com/recaptcha/api/siteverify"
-	},
-	"CORS":{
-	    "AllowedOrigins":[
-	    ],
-	    "AllowedMethods":[
-	    ],
-	    "AllowedHeaders":[
-	    ],
-	    "AllowCredentials":false,
-	    "MaxAge":1000
-	}
+    "recaptcha": {
+        "enable": false,
+        "secret": "",
+        "url": "https://www.google.com/recaptcha/api/siteverify"
+    },
+    "CORS": {
+        "AllowOrigins": [],
+        "AllowMethods": [],
+        "AllowHeaders": [],
+        "AllowCredentials": false,
+        "MaxAge": 1000
+    }
 }

src/RESTFul/CORS/PreFlight.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace PhpPlatform\RESTFul\CORS;
+
+use PhpPlatform\RESTFul\RESTService;
+use PhpPlatform\RESTFul\HTTPResponse;
+
+/**
+ * @Path "/"
+ */
+class PreFlight implements RESTService {
+	
+	/**
+	 * @Path "/"
+	 * @OPTIONS
+	 */
+	function preFlight(){
+		return new HTTPResponse();
+	}
+}

src/RESTFul/HTTPResponse.php

@@ -83,13 +83,14 @@ function setData($data){
 	 */
 	function flush($httpAccept = null){
 		try{
-			// set reponse code and message
-			header($_SERVER['SERVER_PROTOCOL']." ".$this->code." ".$this->message);
-			
+			// set headers
 			foreach ($this->headers as $name=>$value){
 				header("$name:$value");
 			}
 
+			// set reponse code and message
+			header($_SERVER['SERVER_PROTOCOL']." ".$this->code." ".$this->message);
+			
 			// clear buffer , if any
 			if(ob_get_length() !== false){
 				ob_clean();