Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Y
yii2
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
PSDI Army
yii2
Commits
046b56ce
Commit
046b56ce
authored
Oct 08, 2014
by
Qiang Xue
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixes #5423: `yii\behaviors\Cors` causes "undefined index" error when its `cors` is configured
parent
12a7c38e
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
15 additions
and
15 deletions
+15
-15
CHANGELOG.md
framework/CHANGELOG.md
+1
-0
Cors.php
framework/filters/Cors.php
+14
-15
No files found.
framework/CHANGELOG.md
View file @
046b56ce
...
@@ -9,6 +9,7 @@ Yii Framework 2 Change Log
...
@@ -9,6 +9,7 @@ Yii Framework 2 Change Log
-
Bug #5314: Fixed typo in the implementation of
`yii\web\Session::getHasSessionId()`
(qiangxue)
-
Bug #5314: Fixed typo in the implementation of
`yii\web\Session::getHasSessionId()`
(qiangxue)
-
Bug #5323: Nested dropdown does not work for
`yii\bootstrap\DropDown`
(aryraditya)
-
Bug #5323: Nested dropdown does not work for
`yii\bootstrap\DropDown`
(aryraditya)
-
Bug #5336:
`yii\bootstrap\DropDown`
should register bootstrap plugin asset (zelenin)
-
Bug #5336:
`yii\bootstrap\DropDown`
should register bootstrap plugin asset (zelenin)
-
Bug #5423:
`yii\behaviors\Cors`
causes "undefined index" error when its
`cors`
is configured (qiangxue)
-
Bug: Date and time formatting now assumes UTC as the timezone for input dates unless a timezone is explicitly given (cebe)
-
Bug: Date and time formatting now assumes UTC as the timezone for input dates unless a timezone is explicitly given (cebe)
-
Enh #4040: Added
`$viewFile`
and
`$params`
to the
`EVENT_BEFORE_RENDER`
and
`EVENT_AFTER_RENDER`
events for
`View`
(qiangxue)
-
Enh #4040: Added
`$viewFile`
and
`$params`
to the
`EVENT_BEFORE_RENDER`
and
`EVENT_AFTER_RENDER`
events for
`View`
(qiangxue)
-
Enh #4275: Added
`removeChildren()`
to
`yii\rbac\ManagerInterface`
and implementations (samdark)
-
Enh #4275: Added
`removeChildren()`
to
`yii\rbac\ManagerInterface`
and implementations (samdark)
...
...
framework/filters/Cors.php
View file @
046b56ce
...
@@ -15,7 +15,7 @@ use yii\web\Response;
...
@@ -15,7 +15,7 @@ use yii\web\Response;
/**
/**
* Cors filter implements [Cross Origin Resource Sharing](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing).
* Cors filter implements [Cross Origin Resource Sharing](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing).
* Make sure to read carefully what CORS does and does not. CORS do not secure your API,
* Make sure to read carefully what CORS does and does not. CORS do not secure your API,
* but allow the develop
p
er to grant access to third party code (ajax calls from external domain)
* but allow the developer to grant access to third party code (ajax calls from external domain)
*
*
* You may use CORS filter by attaching it as a behavior to a controller or module, like the following,
* You may use CORS filter by attaching it as a behavior to a controller or module, like the following,
*
*
...
@@ -90,8 +90,8 @@ class Cors extends ActionFilter
...
@@ -90,8 +90,8 @@ class Cors extends ActionFilter
*/
*/
public
function
beforeAction
(
$action
)
public
function
beforeAction
(
$action
)
{
{
$this
->
request
=
$this
->
request
?
:
Yii
::
$app
->
getRequest
();
$this
->
request
=
$this
->
request
?:
Yii
::
$app
->
getRequest
();
$this
->
response
=
$this
->
response
?
:
Yii
::
$app
->
getResponse
();
$this
->
response
=
$this
->
response
?:
Yii
::
$app
->
getResponse
();
$this
->
overrideDefaultSettings
(
$action
);
$this
->
overrideDefaultSettings
(
$action
);
...
@@ -129,7 +129,7 @@ class Cors extends ActionFilter
...
@@ -129,7 +129,7 @@ class Cors extends ActionFilter
$requestHeaders
=
array_keys
(
$this
->
cors
);
$requestHeaders
=
array_keys
(
$this
->
cors
);
foreach
(
$requestHeaders
as
$headerField
)
{
foreach
(
$requestHeaders
as
$headerField
)
{
$serverField
=
$this
->
headerizeToPhp
(
$headerField
);
$serverField
=
$this
->
headerizeToPhp
(
$headerField
);
$headerData
=
isset
(
$_SERVER
[
$serverField
])
?
$_SERVER
[
$serverField
]
:
null
;
$headerData
=
isset
(
$_SERVER
[
$serverField
])
?
$_SERVER
[
$serverField
]
:
null
;
if
(
$headerData
!==
null
)
{
if
(
$headerData
!==
null
)
{
$headers
[
$headerField
]
=
$headerData
;
$headers
[
$headerField
]
=
$headerData
;
}
}
...
@@ -148,7 +148,8 @@ class Cors extends ActionFilter
...
@@ -148,7 +148,8 @@ class Cors extends ActionFilter
// handle Origin
// handle Origin
if
(
isset
(
$requestHeaders
[
'Origin'
]))
{
if
(
isset
(
$requestHeaders
[
'Origin'
]))
{
if
((
in_array
(
'*'
,
$this
->
cors
[
'Origin'
])
===
true
)
if
((
in_array
(
'*'
,
$this
->
cors
[
'Origin'
])
===
true
)
||
(
in_array
(
$requestHeaders
[
'Origin'
],
$this
->
cors
[
'Origin'
])))
{
||
(
in_array
(
$requestHeaders
[
'Origin'
],
$this
->
cors
[
'Origin'
]))
)
{
$responseHeaders
[
'Access-Control-Allow-Origin'
]
=
$requestHeaders
[
'Origin'
];
$responseHeaders
[
'Access-Control-Allow-Origin'
]
=
$requestHeaders
[
'Origin'
];
}
}
}
}
...
@@ -160,13 +161,11 @@ class Cors extends ActionFilter
...
@@ -160,13 +161,11 @@ class Cors extends ActionFilter
$responseHeaders
[
'Access-Control-Allow-Methods'
]
=
implode
(
', '
,
$this
->
cors
[
'Access-Control-Request-Method'
]);
$responseHeaders
[
'Access-Control-Allow-Methods'
]
=
implode
(
', '
,
$this
->
cors
[
'Access-Control-Request-Method'
]);
}
}
if
(
$this
->
cors
[
'Access-Control-Allow-Credentials'
]
===
true
)
{
if
(
isset
(
$this
->
cors
[
'Access-Control-Allow-Credentials'
]))
{
$responseHeaders
[
'Access-Control-Allow-Credentials'
]
=
'true'
;
$responseHeaders
[
'Access-Control-Allow-Credentials'
]
=
$this
->
cors
[
'Access-Control-Allow-Credentials'
]
?
'true'
:
'false'
;
}
elseif
(
$this
->
cors
[
'Access-Control-Allow-Credentials'
]
===
false
)
{
$responseHeaders
[
'Access-Control-Allow-Credentials'
]
=
'false'
;
}
}
if
(
(
$_SERVER
[
'REQUEST_METHOD'
]
===
'OPTIONS'
)
&&
(
$this
->
cors
[
'Access-Control-Max-Age'
]
!==
null
))
{
if
(
isset
(
$this
->
cors
[
'Access-Control-Max-Age'
])
&&
Yii
::
$app
->
getRequest
()
->
getIsOptions
(
))
{
$responseHeaders
[
'Access-Control-Max-Age'
]
=
$this
->
cors
[
'Access-Control-Max-Age'
];
$responseHeaders
[
'Access-Control-Max-Age'
]
=
$this
->
cors
[
'Access-Control-Max-Age'
];
}
}
...
@@ -181,8 +180,8 @@ class Cors extends ActionFilter
...
@@ -181,8 +180,8 @@ class Cors extends ActionFilter
*/
*/
protected
function
prepareAllowHeaders
(
$type
,
$requestHeaders
,
&
$responseHeaders
)
protected
function
prepareAllowHeaders
(
$type
,
$requestHeaders
,
&
$responseHeaders
)
{
{
$requestHeaderField
=
'Access-Control-Request-'
.
$type
;
$requestHeaderField
=
'Access-Control-Request-'
.
$type
;
$responseHeaderField
=
'Access-Control-Allow-'
.
$type
;
$responseHeaderField
=
'Access-Control-Allow-'
.
$type
;
if
(
isset
(
$requestHeaders
[
$requestHeaderField
]))
{
if
(
isset
(
$requestHeaders
[
$requestHeaderField
]))
{
if
(
in_array
(
'*'
,
$this
->
cors
[
$requestHeaderField
]))
{
if
(
in_array
(
'*'
,
$this
->
cors
[
$requestHeaderField
]))
{
$responseHeaders
[
$responseHeaderField
]
=
$this
->
headerize
(
$requestHeaders
[
$requestHeaderField
]);
$responseHeaders
[
$responseHeaderField
]
=
$this
->
headerize
(
$requestHeaders
[
$requestHeaderField
]);
...
@@ -226,8 +225,8 @@ class Cors extends ActionFilter
...
@@ -226,8 +225,8 @@ class Cors extends ActionFilter
*/
*/
protected
function
headerize
(
$string
)
protected
function
headerize
(
$string
)
{
{
$headers
=
preg_split
(
"/[\s,]+/"
,
$string
,
-
1
,
PREG_SPLIT_NO_EMPTY
);
$headers
=
preg_split
(
"/[
\
\
s,]+/"
,
$string
,
-
1
,
PREG_SPLIT_NO_EMPTY
);
$headers
=
array_map
(
function
(
$element
)
{
$headers
=
array_map
(
function
(
$element
)
{
return
str_replace
(
' '
,
'-'
,
ucwords
(
strtolower
(
str_replace
([
'_'
,
'-'
],
[
' '
,
' '
],
$element
))));
return
str_replace
(
' '
,
'-'
,
ucwords
(
strtolower
(
str_replace
([
'_'
,
'-'
],
[
' '
,
' '
],
$element
))));
},
$headers
);
},
$headers
);
return
implode
(
', '
,
$headers
);
return
implode
(
', '
,
$headers
);
...
@@ -242,6 +241,6 @@ class Cors extends ActionFilter
...
@@ -242,6 +241,6 @@ class Cors extends ActionFilter
*/
*/
protected
function
headerizeToPhp
(
$string
)
protected
function
headerizeToPhp
(
$string
)
{
{
return
'HTTP_'
.
strtoupper
(
str_replace
([
' '
,
'-'
],
[
'_'
,
'_'
],
$string
));
return
'HTTP_'
.
strtoupper
(
str_replace
([
' '
,
'-'
],
[
'_'
,
'_'
],
$string
));
}
}
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment