Merge pull request #5 from bairwell/develop

v0.3.0 - Add handling of fully qualified origin settings

.gitignore

@@ -1,6 +1,5 @@
 /phpcs.xml
 /phpunit.xml
-.idea/*
 /vendor/
 /build
 composer.lock

CHANGELOG.md

@@ -1,3 +1,5 @@
+v0.3.0 - 13th Apr 2016
+         Added handling of origins which are fully qualified ( such as http://example.com/ instead of just hostname)
 v0.2.0 - 5th Jan 2016
          Renamed from Bairwell/Cors to Bairwell/MiddlewareCors (packagist name Bairwell\Middleware-Cors)
          Remove Slim dependency from dev (moved to examples) (fixes https://github.com/bairwell/middleware-cors/issues/2 )

src/MiddlewareCors/Traits/Parse.php

@@ -171,6 +171,12 @@ protected function parseOrigin(ServerRequestInterface $request) : string
         $this->addLog('Processing origin of "'.$origin.'"');
         // lowercase the user provided origin for comparison purposes.
         $origin = strtolower($origin);
+        $parsed = parse_url($origin);
+        if (true === is_array($parsed) && true === isset($parsed['host'])) {
+            $this->addLog('Parsed a hostname from origin: '.$parsed['host']);
+            $origin = $parsed['host'];
+        }
+
         // read the current origin setting
         $originSetting = $this->settings['origin'];
 

tests/MiddlewareCorsTest.php

@@ -1,7 +1,7 @@
 <?php
 /**
  * Tests the main CORs system.
- * 
+ *
  * Part of the Bairwell\MiddlewareCors package.
  *
  * (c) Richard Bairwell <[email protected]>
@@ -193,6 +193,47 @@ public function testInvokerWithOriginHeader()
 
     }//end testInvokerWithOriginHeader()
 
+    /**
+     * Runs a test based on this having:
+     * - Method: GET
+     * - * allowed origin (default)
+     * - Origin set to example.com (matching wildcard)
+     * should get
+     * Access-Control-Allow-Origin
+     * and next called.
+     *
+     * @test
+     * @covers \Bairwell\MiddlewareCors::__construct
+     * @covers \Bairwell\MiddlewareCors::__invoke
+     * @covers \Bairwell\MiddlewareCors\Traits\Parse::parseOriginMatch
+     * @covers \Bairwell\MiddlewareCors\Traits\Parse::parseOrigin
+     */
+    public function testInvokerWithFullyQualifiedOriginHeader()
+    {
+        $results  = $this->runInvoke(
+            [
+                'method'        => 'GET',
+                'setHeaders'    => ['origin' => 'http://example.com:83/text.html'],
+                'configuration' => []
+            ]
+        );
+        $expected = ['withHeader:Access-Control-Allow-Origin' => '*', 'calledNext' => 'called'];
+        $this->arraysAreSimilar($results, $expected);
+        // check logs
+        $expectedLogs=[
+            'Request has an origin setting and is being treated like a CORs request',
+            'Processing origin of "http://example.com:83/text.html"',
+            'Parsed a hostname from origin: example.com',
+            'Attempting to match origin as string',
+            'Checking configuration origin of "*" against user "example.com"',
+            'Origin is either an empty string or wildcarded star. Returning *',
+            'Processing with origin of "*"',
+            'Calling next bit of middleware'
+        ];
+        $logEntries=$this->getLoggerStrings();
+        $this->assertEquals($expectedLogs,$logEntries);
+
+    }//end testInvokerWithOriginHeader()
     /**
      * Runs a test based on this having:
      * - Method: GET