chore: Normalize Origin header in CORS middleware dan update test_cors
This commit is contained in:
mwpn
@@ -34,10 +34,12 @@ $response1->getBody()->write(json_encode(['status' => 'ok']));
|
|||||||
$middleware = new CorsMiddleware();
|
$middleware = new CorsMiddleware();
|
||||||
$handler = new class($response1) implements \Psr\Http\Server\RequestHandlerInterface {
|
$handler = new class($response1) implements \Psr\Http\Server\RequestHandlerInterface {
|
||||||
private $response;
|
private $response;
|
||||||
public function __construct($response) {
|
public function __construct($response)
|
||||||
|
{
|
||||||
$this->response = $response;
|
$this->response = $response;
|
||||||
}
|
}
|
||||||
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
|
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface
|
||||||
|
{
|
||||||
return $this->response;
|
return $this->response;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
@@ -52,17 +54,19 @@ foreach ($result1->getHeaders() as $name => $values) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Test 2: Origin yang tidak ada di .env
|
// Test 2: Origin yang tidak ada di .env
|
||||||
echo "\nTest 2: Origin 'http://example.com' (tidak ada di .env):\n";
|
echo "\nTest 2: Origin 'http://retribusi.btekno.cloud' (tidak ada di .env):\n";
|
||||||
$request2 = $requestFactory->createServerRequest('GET', '/health')
|
$request2 = $requestFactory->createServerRequest('GET', '/health')
|
||||||
->withHeader('Origin', 'http://example.com');
|
->withHeader('Origin', 'http://retribusi.btekno.cloud');
|
||||||
|
|
||||||
$response2 = $responseFactory->createResponse(200);
|
$response2 = $responseFactory->createResponse(200);
|
||||||
$handler2 = new class($response2) implements \Psr\Http\Server\RequestHandlerInterface {
|
$handler2 = new class($response2) implements \Psr\Http\Server\RequestHandlerInterface {
|
||||||
private $response;
|
private $response;
|
||||||
public function __construct($response) {
|
public function __construct($response)
|
||||||
|
{
|
||||||
$this->response = $response;
|
$this->response = $response;
|
||||||
}
|
}
|
||||||
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
|
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface
|
||||||
|
{
|
||||||
return $this->response;
|
return $this->response;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
@@ -89,10 +93,12 @@ $request3 = $requestFactory->createServerRequest('OPTIONS', '/health')
|
|||||||
$response3 = $responseFactory->createResponse(200);
|
$response3 = $responseFactory->createResponse(200);
|
||||||
$handler3 = new class($response3) implements \Psr\Http\Server\RequestHandlerInterface {
|
$handler3 = new class($response3) implements \Psr\Http\Server\RequestHandlerInterface {
|
||||||
private $response;
|
private $response;
|
||||||
public function __construct($response) {
|
public function __construct($response)
|
||||||
|
{
|
||||||
$this->response = $response;
|
$this->response = $response;
|
||||||
}
|
}
|
||||||
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
|
public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface
|
||||||
|
{
|
||||||
return $this->response;
|
return $this->response;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
@@ -112,4 +118,3 @@ echo "\nJika Test 1 tidak ada CORS headers, kemungkinan:\n";
|
|||||||
echo "1. PHP-FPM belum di-restart setelah perubahan code\n";
|
echo "1. PHP-FPM belum di-restart setelah perubahan code\n";
|
||||||
echo "2. Opcache masih cache code lama (clear opcache)\n";
|
echo "2. Opcache masih cache code lama (clear opcache)\n";
|
||||||
echo "3. Check error log: tail -f /www/wwwlogs/api.btekno.cloud.error.log\n";
|
echo "3. Check error log: tail -f /www/wwwlogs/api.btekno.cloud.error.log\n";
|
||||||
|
|
||||||
|
|||||||
@@ -22,8 +22,8 @@ class CorsMiddleware implements MiddlewareInterface
|
|||||||
{
|
{
|
||||||
// Load allowed origins from ENV or use defaults
|
// Load allowed origins from ENV or use defaults
|
||||||
$originsEnv = AppConfig::get('CORS_ALLOWED_ORIGINS', '*');
|
$originsEnv = AppConfig::get('CORS_ALLOWED_ORIGINS', '*');
|
||||||
$this->allowedOrigins = $originsEnv === '*'
|
$this->allowedOrigins = $originsEnv === '*'
|
||||||
? ['*']
|
? ['*']
|
||||||
: array_map('trim', explode(',', $originsEnv));
|
: array_map('trim', explode(',', $originsEnv));
|
||||||
|
|
||||||
// Allowed HTTP methods
|
// Allowed HTTP methods
|
||||||
@@ -47,6 +47,15 @@ class CorsMiddleware implements MiddlewareInterface
|
|||||||
): ResponseInterface {
|
): ResponseInterface {
|
||||||
$origin = $request->getHeaderLine('Origin');
|
$origin = $request->getHeaderLine('Origin');
|
||||||
|
|
||||||
|
// Normalize origin (strip path if someone sends invalid Origin)
|
||||||
|
if ($origin && str_contains($origin, '/')) {
|
||||||
|
$parsed = parse_url($origin);
|
||||||
|
if (isset($parsed['scheme'], $parsed['host'])) {
|
||||||
|
$origin = $parsed['scheme'] . '://' . $parsed['host']
|
||||||
|
. (isset($parsed['port']) ? ':' . $parsed['port'] : '');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Handle preflight OPTIONS request
|
// Handle preflight OPTIONS request
|
||||||
if ($request->getMethod() === 'OPTIONS') {
|
if ($request->getMethod() === 'OPTIONS') {
|
||||||
$responseFactory = new ResponseFactory();
|
$responseFactory = new ResponseFactory();
|
||||||
@@ -132,4 +141,3 @@ class CorsMiddleware implements MiddlewareInterface
|
|||||||
return $this->allowedOrigins[0] ?? null;
|
return $this->allowedOrigins[0] ?? null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user