From 5544c3598c71dedf89a0b0f057678f18addf8ab2 Mon Sep 17 00:00:00 2001
From: Richard Bairwell
Date: Wed, 13 Apr 2016 16:20:09 +0000
Subject: [PATCH] v0.3.0 - Add handling of fully qualified origin settings
---
 .gitignore | 1 -
 CHANGELOG.md | 2 ++
 src/MiddlewareCors/Traits/Parse.php | 6 ++++
 tests/MiddlewareCorsTest.php | 43 ++++++++++++++++++++++++++++-
 4 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 1d82976..52dff68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,5 @@
 /phpcs.xml
 /phpunit.xml
-.idea/*
 /vendor/
 /build
 composer.lock
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 09516d2..f30dd14 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,5 @@
+v0.3.0 - 13th Apr 2016
+ Added handling of origins which are fully qualified ( such as http://example.com/ instead of just hostname)
 v0.2.0 - 5th Jan 2016
 Renamed from Bairwell/Cors to Bairwell/MiddlewareCors (packagist name Bairwell\Middleware-Cors)
 Remove Slim dependency from dev (moved to examples) (fixes https://github.com/bairwell/middleware-cors/issues/2 )
diff --git a/src/MiddlewareCors/Traits/Parse.php b/src/MiddlewareCors/Traits/Parse.php
index 51e3a2e..e06c12c 100644
--- a/src/MiddlewareCors/Traits/Parse.php
+++ b/src/MiddlewareCors/Traits/Parse.php
@@ -171,6 +171,12 @@ protected function parseOrigin(ServerRequestInterface $request) : string
 $this->addLog('Processing origin of "'.$origin.'"');
 // lowercase the user provided origin for comparison purposes.
 $origin = strtolower($origin);
+ $parsed = parse_url($origin);
+ if (true === is_array($parsed) && true === isset($parsed['host'])) {
+ $this->addLog('Parsed a hostname from origin: '.$parsed['host']);
+ $origin = $parsed['host'];
+ }
+
 // read the current origin setting
 $originSetting = $this->settings['origin'];
diff --git a/tests/MiddlewareCorsTest.php b/tests/MiddlewareCorsTest.php
index 51f56f6..cf1a8d7 100644
--- a/tests/MiddlewareCorsTest.php
+++ b/tests/MiddlewareCorsTest.php
@@ -1,7 +1,7 @@
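Review bot: In `parseOrigin` (src/MiddlewareCors/Traits/Parse.php), the new `$origin = $parsed['host'];` discards the scheme and port of the request's Origin header, so whatever follows compares hostnames only. An origin is the scheme/host/port tuple, so a host-only comparison means an allow-list entry for a host would also admit `http://` pages or other ports on that host. If the string returned here is what ends up in `Access-Control-Allow-Origin` for non-wildcard settings, a bare hostname is not a valid origin value and browsers would reject it. Consider leaving `$origin` intact and matching on a separate variable, e.g. `$originHost = $parsed['host'];`, with a comment such as `// host only: scheme and port are deliberately ignored when matching` if that is the intended policy. The rest of parseOrigin lies outside the hunk, so how the returned string is used needs confirming.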
@@ -193,6 +193,47 @@ public function testInvokerWithOriginHeader()
 }//end testInvokerWithOriginHeader()
+ /**
+ * Runs a test based on this having:
+ * - Method: GET
+ * - * allowed origin (default)
+ * - Origin set to example.com (matching wildcard)
+ * should get
+ * Access-Control-Allow-Origin
+ * and next called.
+ *
+ * @test
+ * @covers \Bairwell\MiddlewareCors::__construct
+ * @covers \Bairwell\MiddlewareCors::__invoke
+ * @covers \Bairwell\MiddlewareCors\Traits\Parse::parseOriginMatch
+ * @covers \Bairwell\MiddlewareCors\Traits\Parse::parseOrigin
+ */
+ public function testInvokerWithFullyQualifiedOriginHeader()
+ {
+ $results = $this->runInvoke(
+ [
+ 'method' => 'GET',
+ 'setHeaders' => ['origin' => 'http://example.com:83/text.html'],
+ 'configuration' => []
+ ]
+ );
+ $expected = ['withHeader:Access-Control-Allow-Origin' => '*', 'calledNext' => 'called'];
+ $this->arraysAreSimilar($results, $expected);
+ // check logs
+ $expectedLogs=[
+ 'Request has an origin setting and is being treated like a CORs request',
+ 'Processing origin of "http://example.com:83/text.html"',
+ 'Parsed a hostname from origin: example.com',
+ 'Attempting to match origin as string',
+ 'Checking configuration origin of "*" against user "example.com"',
+ 'Origin is either an empty string or wildcarded star. Returning *',
+ 'Processing with origin of "*"',
+ 'Calling next bit of middleware'
+ ];
+ $logEntries=$this->getLoggerStrings();
+ $this->assertEquals($expectedLogs,$logEntries);
+
+ }//end testInvokerWithOriginHeader()
 /**
 * Runs a test based on this having:
 * - Method: GET
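Review bot: `testInvokerWithFullyQualifiedOriginHeader` exercises only the default wildcard configuration (`'configuration' => []`), where the result is `*` regardless of what was parsed, so the new host extraction is never checked against a restricted origin list. A second case with a specific `origin` setting and a request Origin that differs only in scheme or port would pin down whether such requests are meant to be accepted. The docblock line `Origin set to example.com` should read `Origin set to http://example.com:83/text.html`, and the closing comment should be `}//end testInvokerWithFullyQualifiedOriginHeader()`.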