First released version

.gitignore

@@ -0,0 +1,6 @@
+/phpcs.xml
+/phpunit.xml
+.idea/*
+/vendor/
+/build
+composer.lock

CONTRIBUTING.md

@@ -0,0 +1,34 @@
+Contributing
+-------------
+
+## Pull Requests
+
+1. Fork the repository
+2. Create a new branch for each feature or improvement
+3. Send a pull request from each feature branch to the **develop** branch
+
+It is very important to separate new features or improvements into separate feature branches, and to send a
+pull request for each branch. This allows me to review and pull in new features or improvements individually.
+
+## Style Guide
+
+All pull requests must adhere to the [PSR-2 standard](http://www.php-fig.org/psr/psr-2/).
+
+This can be checked via, you can run the following commands to check if everything is ready to submit:
+
+    cd cors
+    vendor/bin/phpcs -np
+
+Which should give you no output, indicating that there are no coding standard errors. And then:
+
+
+## Unit Testing
+
+All pull requests must be accompanied by passing unit tests and complete code coverage. The Bairwell\Cors library uses phpunit for testing.
+
+[Learn about PHPUnit](https://github.com/sebastianbergmann/phpunit/)
+
+    cd cors
+    vendor/bin/phpunit
+
+Which should give you no failures or errors. You can ignore any skipped tests as these are for external tools.

LICENSE.md

@@ -0,0 +1,7 @@
+Copyright (c) 2016 Bairwell Ltd.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,63 @@
+# Bairwell\Cors
+
+This is a PHP 7 [Composer](https://getcomposer.org/) compatible library for providing a [PSR-7]((http://www.php-fig.org/psr/psr-7/) compatible middleware layer for handling
+"[CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)" (Cross Origin Request Security/Cross-Origin Http Request/HTTP access control) headers and security.
+
+## What does this library provides over other CORs librarys?
+
+* PHP-7 type declarations.
+* Works as a piece of [PSR-7]((http://www.php-fig.org/psr/psr-7/) middleware making it compatible with many frameworks (such as [Slim 3](http://slimframework.com) and [Symfony](http://symfony.com/blog/psr-7-support-in-symfony-is-here))
+* Massively flexibility over configuration settings (most can be strings, arrays or callbacks).
+* Follows the [CORs flowchart](http://www.html5rocks.com/static/images/cors_server_flowchart.png) and actively rejects invalid requests.
+* Only sends the appropriate headers when necessary.
+* On CORs "OPTIONS" request, ensure a blank page 204 "No Content" page is returned instead of returning unwanted content bodies.
+* Supports [PSR-3](http://www.php-fig.org/psr/psr-3/) based loggers for debugging purposes.
+* Ignores non-CORs "OPTIONS" requests (for example, on REST services). A CORs request is indicated by the presence of the Origin: header on the inbound request.
+* Fully unit tested.
+* Licensed under the [MIT License](https://opensource.org/licenses/MIT) allowing you to practically do whatever you want.
+* Uses namespaces and is 100% object orientated.
+* Blocks invalid settings.
+* Minimal third party requirements (just the definition files "psr/http-message" and "psr/log" for main, and PHPUnit, PHPCodeSniffer, SlimFramework and Monolog for development/testing).
+
+## Standards
+
+The following [PHP FIG](http://www.php-fig.org/psr/) standards should be followed:
+
+ * [PSR 1 - Basic Coding Standard](http://www.php-fig.org/psr/psr-1/)
+ * [PSR 2 - Coding Style Guide](http://www.php-fig.org/psr/psr-2/)
+ * [PSR 3 - Logger Interface](http://www.php-fig.org/psr/psr-3/)
+ * [PSR 4 - Autoloading Standard](http://www.php-fig.org/psr/psr-4/)
+ * [PSR 5 - PHPDoc Standard](https://github.com/phpDocumentor/fig-standards/tree/master/proposed) - (still in draft)
+ * [PSR 7 - HTTP Message Interface](http://www.php-fig.org/psr/psr-7/) 
+ * [PSR 12 - Extended Coding Style Guide](https://github.com/php-fig/fig-standards/blob/master/proposed/extended-coding-style-guide.md) - (still in draft)
+
+### Standards Checking
+[PHP Code Sniffer](https://github.com/squizlabs/PHP_CodeSniffer/) highlights potential coding standards issues.
+
+`vendor/bin/phpcs`
+
+PHP CS will use the configuration in `phpcs.xml.dist` by default.
+
+To see which sniffs are running add "-s"
+
+## Unit Tests
+[PHPUnit](http://phpunit.de) is installed for unit testing (tests are in `tests`)
+
+To run unit tests:
+`vendor/bin/phpunit`
+
+For a list of the tests that have ran:
+`vendor/bin/phpunit --tap`
+
+To restrict the tests run:
+`vendor/bin/phpunit --filter 'Cors\\Exceptions\\BadOrigin'`
+
+or just
+
+`vendor/bin/phpunit --filter 'ExceptionTest'`
+
+for all tests which have "Exception" in them and:
+`vendor/bin/phpunit --filter '(ExceptionTest::testEverything|ExceptionTest::testStub)'`
+
+to test the two testEverything and testStub methods in the ExceptionTest class.
+

composer.json

@@ -0,0 +1,32 @@
+{
+    "name": "bairwell/cors",
+    "description": "A PSR-7 middleware layer for providing CORS (Cross Origin Request Security) headers and security provisions. Instead of just allowing invalid CORs requests to come through, this middleware actively blocks them after validating.",
+    "keywords": ["psr-7","middleware","cors"],
+    "homepage": "https://bitbucket.org/bairwell/cors",
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "Richard Bairwell",
+            "email": "[email protected]",
+            "homepage": "http://www.bairwell.com"
+        }
+    ],
+    "type": "library",
+    "require": {
+        "php": "^7.0",
+        "psr/http-message": "^1.0",
+        "psr/log": "~1.0"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^5.1",
+        "squizlabs/php_codesniffer": "^2.5",
+        "slim/slim": "^3.0",
+        "monolog/monolog": "^1.13"
+    },
+    "autoload": {
+        "psr-4": {"Bairwell\\": "src/"}
+    },
+    "autoload-dev": {
+        "psr-4": {"Bairwell\\": "tests/"}
+    }
+}

phpcs.xml.dist

@@ -0,0 +1,186 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ruleset name="bairwell">
+    <description>Bairwell PHP Coding standards</description>
+    <!--
+       For more info check: https://github.com/squizlabs/PHP_CodeSniffer/wiki
+   -->
+    <file>src</file>
+    <file>tests</file>
+    <config name="colors" value="1"/>
+    <config name="show_progress" value="1"/>
+    <config name="default_standard" value="phpcs.xml"/>
+
+    <arg name="report" value="full"/>
+    <arg value="sp"/>
+    <rule ref="PSR1"/>
+    <rule ref="PSR2"/>
+    <rule ref="MySource">
+        <!-- fails with namespaces -->
+        <exclude name="MySource.Channels.IncludeSystem.NotIncludedExtends"/>
+        <!-- not everything wants a return -->
+        <exclude name="MySource.Commenting.FunctionComment.MissingReturn"/>
+        <!-- duplicated in squiz -->
+        <exclude name="MySource.Commenting.FunctionComment.MissingParamTag"/>
+        <exclude name="MySource.Commenting.FunctionComment.MissingParamName"/>
+        <exclude name="MySource.Commenting.FunctionComment.MissingParamComment"/>
+        <exclude name="MySource.Commenting.FunctionComment.EmptyThrows"/>
+        <exclude name="MySource.Commenting.FunctionComment.TypeHintMissing"/>
+        <exclude name="MySource.Commenting.FunctionComment.SpacingAfterParamName"/>
+        <exclude name="MySource.Commenting.FunctionComment.IncorrectParamVarName"/>
+        <exclude name="MySource.Commenting.FunctionComment.InvalidTypeHint"/>
+        <exclude name="MySource.Commenting.FunctionComment.SpacingAfterParamType"/>
+        <exclude name="MySource.Commenting.FunctionComment.ParamCommentFullStop"/>
+        <exclude name="MySource.Commenting.FunctionComment.Missing"/>
+        <exclude name="MySource.Commenting.FunctionComment.IncorrectTypeHint"/>
+        <exclude name="MySource.Commenting.FunctionComment.ThrowsNotCapital"/>
+        <exclude name="MySource.Commenting.FunctionComment.ParamNameNoMatch"/>
+        <exclude name="MySource.Commenting.FunctionComment.ExtraParamComment"/>
+        <exclude name="MySource.Commenting.FunctionComment.ThrowsNoFullStop"/>
+        <exclude name="MySource.Commenting.FunctionComment.InvalidNoReturn"/>
+        <exclude name="MySource.Commenting.FunctionComment.WrongStyle"/>
+        <exclude name="MySource.Commenting.FunctionComment.ParamCommentNotCapital"/>
+        <!-- sniff does not take namespaces into account -->
+        <exclude name="MySource.Channels.IncludeSystem.NotIncludedCall"/>
+    </rule>
+    <rule ref="Generic">
+        <!--- we want spaces not tabs -->
+        <exclude name="Generic.WhiteSpace.DisallowSpaceIndent.SpacesUsed"/>
+        <!-- we want to use the allman braces style -->
+        <exclude name="Generic.Functions.OpeningFunctionBraceKernighanRitchie.BraceOnNewLine"/>
+        <!-- constants should be upper cased -->
+        <exclude name="Generic.PHP.UpperCaseConstant.Found"/>
+        <!-- we want short arrays -->
+        <exclude name="Generic.Arrays.DisallowShortArraySyntax.Found"/>
+        <!-- sometimes functions are called with parameters they don't really use -->
+        <exclude name="Generic.CodeAnalysis.UnusedFunctionParameter.Found"/>
+        <!-- we want capitals -->
+        <exclude name="Generic.Files.LowercasedFilename.NotFound"/>
+        <!-- not PSR compliant -->
+        <exclude name="Generic.PHP.ClosingPHPTag.NotFound"/>
+        <exclude name="Generic.Files.EndFileNoNewline.Found"/>
+        <!-- conflicts with Generic.Formatting.SpaceAfterCast.NoSpace -->
+        <exclude name="Generic.Formatting.NoSpaceAfterCast.SpaceFound"/>
+        <!-- sometimes we have strings which split across lines -->
+        <exclude name="Generic.Strings.UnnecessaryStringConcat.Found"/>
+        <!-- conflicts with PSR2.Methods.FunctionCallSignature.Indent -->
+        <exclude name="Generic.WhiteSpace.ScopeIndent.Incorrect"/>
+    </rule>
+    <!-- ensure we are looking for Linux line endings -->
+    <rule ref="Generic.Files.LineEndings">
+        <properties>
+            <property name="eolChar" value="\n"/>
+        </properties>
+    </rule>
+    <!--
+   Boolean values should be specified by using the strings
+   "true" and "false" rather than the integers 0 and 1.
+-->
+    <rule ref="Generic.Formatting.MultipleStatementAlignment">
+        <properties>
+            <property name="maxPadding" value="8"/>
+            <property name="ignoreMultiLine" value="true"/>
+            <property name="error" value="true"/>
+        </properties>
+    </rule>
+    <rule ref="Generic.PHP.ForbiddenFunctions">
+        <properties>
+            <property name="forbiddenFunctions" type="array" value="delete=>unset,print=>echo,create_function=>null" />
+        </properties>
+    </rule>
+    <rule ref="Zend">
+        <exclude name="Zend.NamingConventions.ValidVariableName.PrivateNoUnderscore"/>
+    </rule>
+    <rule ref="PHPCS"/>
+    <rule ref="PEAR">
+        <exclude name="PEAR.Functions.FunctionCallSignature.Indent"/>
+        <exclude name="PEAR.Commenting.FileComment"/>
+        <exclude name="PEAR.Commenting.ClassComment"/>
+        <exclude name="PEAR.NamingConventions.ValidVariableName.PrivateNoUnderscore"/>
+        <!-- not PHP7 compliant -->
+        <exclude name="PEAR.Functions.FunctionDeclaration.NewlineBeforeOpenBrace"/>
+
+        <!-- always wants a return even on void -->
+        <exclude name="PEAR.Commenting.FunctionComment.MissingReturn"/>
+        <!-- duplicated in Squiz -->
+        <exclude name="PEAR.Commenting.FunctionComment.MissingParamTag"/>
+        <exclude name="PEAR.Commenting.FunctionComment.MissingParamName"/>
+        <exclude name="PEAR.Commenting.FunctionComment.MissingParamComment"/>
+        <exclude name="PEAR.Functions.FunctionDeclaration.Indent"/>
+        <exclude name="PEAR.Commenting.FunctionComment.SpacingAfterParamName"/>
+        <exclude name="PEAR.Commenting.FunctionComment.SpacingAfterParamType"/>
+        <exclude name="PEAR.Commenting.FunctionComment.Missing"/>
+        <exclude name="PEAR.Commenting.FunctionComment.ParamNameNoMatch"/>
+        <exclude name="PEAR.Commenting.FunctionComment.ExtraParamComment"/>
+        <exclude name="PEAR.Commenting.FunctionComment.WrongStyle"/>
+        <exclude name="PEAR.Commenting.InlineComment.WrongStyle"/>
+        <exclude name="PEAR.Functions.FunctionDeclaration.CloseBracketLine"/>
+        <!-- duplicated in PSR2 -->
+        <exclude name="PEAR.Functions.FunctionCallSignature.MultipleArguments"/>
+        <exclude name="PEAR.Functions.FunctionCallSignature.ContentAfterOpenBracket"/>
+        <exclude name="PEAR.Classes.ClassDeclaration.OpenBraceNewLine"/>
+        <!-- goes against PSR2 -->
+        <exclude name="PEAR.NamingConventions.ValidFunctionName.PrivateNoUnderscore"/>
+        <exclude name="PEAR.Functions.FunctionDeclaration.NoSpaceBeforeOpenBrace"/>
+        <exclude name="PEAR.WhiteSpace.ScopeIndent.Incorrect"/>
+        <!-- duplicated in Generic -->
+        <exclude name="PEAR.Functions.FunctionDeclaration.BraceOnSameLine"/>
+        <exclude name="PEAR.WhiteSpace.ScopeIndent.IncorrectExact"/>
+        <!-- goes against Squiz.Whitespace.OperatorSpacing.SpacingAfter -->
+        <exclude name="PEAR.Formatting.MultiLineAssignment.EqualSignLine"/>
+    </rule>
+    <rule ref="Squiz">
+        <!-- sometimes we want tags in class comments -->
+        <exclude name="Squiz.Commenting.ClassComment.TagNotAllowed"/>
+        <!-- disagree with "Comments may not appear after statements" -->
+        <exclude name="Squiz.Commenting.PostStatementComment.Found"/>
+        <!-- exclude as seems to be broken -->
+        <exclude name="Squiz.Arrays.ArrayDeclaration"/>
+        <!-- ignore -->
+        <exclude name="Squiz.Files.FileExtension.ClassFound"/>
+        <!-- <exclude name="Squiz.Commenting.FileComment"/>
+        <exclude name="Squiz.Commenting.ClassComment.TagNotAllowed"/> -->
+        <!-- we don't need @package -->
+        <exclude name="Squiz.Commenting.FileComment.MissingPackageTag"/>
+        <!-- we don't need @subpackage -->
+        <exclude name="Squiz.Commenting.FileComment.MissingSubpackageTag"/>
+        <!-- conflicts with Generic.Commenting.DocComment.SpacingAfter -->
+        <exclude name="Squiz.Commenting.FileComment.SpacingAfterComment"/>
+        <!-- not all functions need returns -->
+        <exclude name="Squiz.Commenting.FunctionComment.MissingReturn"/>
+        <!-- inline comments should be up to the developer -->
+        <exclude name="Squiz.Commenting.InlineComment.NotCapital"/>
+        <exclude name="Squiz.Commenting.InlineComment.InvalidEndChar"/>
+        <!-- conflicts with PSR2 PSR2.Namespaces.NamespaceDeclaration.BlankLineAfter -->
+        <exclude name="Squiz.WhiteSpace.FunctionSpacing.Before"/>
+        <!-- conflicts with Squiz.Commenting.ClassComment.SpacingBefore -->
+        <exclude name="Squiz.WhiteSpace.FunctionSpacing.After"/>
+        <exclude name="Squiz.WhiteSpace.ObjectOperatorSpacing.Before"/>
+        <exclude name="Squiz.Strings.ConcatenationSpacing.PaddingFound"/>
+        <!-- not PHP7 compliant -->
+        <exclude name="Squiz.Functions.MultiLineFunctionDeclaration.NewlineBeforeOpenBrace"/>
+        <!-- dupicated in generic -->
+        <exclude name="Squiz.PHP.ForbiddenFunctions.FoundWithAlternative"/>
+        <!-- has a problem with multiline methods with return parameters -->
+        <exclude name="Squiz.Functions.MultiLineFunctionDeclaration.NoSpaceBeforeOpenBrace"/>
+        <!-- needed for test overrides -->
+        <exclude name="Squiz.Functions.GlobalFunction.Found"/>
+        <!-- known to conflict with PSR2 -->
+        <exclude name="Squiz.ControlStructures.ElseIfDeclaration.NotAllowed"/>
+        <exclude name="Squiz.NamingConventions.ValidVariableName.PrivateNoUnderscore"/>
+        <exclude name="Squiz.NamingConventions.ValidFunctionName.PrivateNoUnderscore"/>
+        <exclude name="Squiz.WhiteSpace.MemberVarSpacing.Incorrect"/>
+        <exclude name="Squiz.ControlStructures.SwitchDeclaration.BreakIndent"/>
+        <!-- wants 1 blank line before closing function, PSR wants 0 -->
+        <exclude name="Squiz.WhiteSpace.FunctionClosingBraceSpace.SpacingBeforeClose"/>
+        <!-- wants 2 before vars lines, PSR is 0 -->
+        <exclude name="Squiz.WhiteSpace.MemberVarSpacing.Incorrect"/>
+        <!-- duplicated in PSR2 -->
+        <exclude name="Squiz.Classes.ClassDeclaration.OpenBraceNewLine"/>
+        <!-- duplicated in generic as Generic.Functions.OpeningFunctionBraceBsdAllman.BraceOnSameLine -->
+        <exclude name="Squiz.Functions.MultiLineFunctionDeclaration.BraceOnSameLine"/>
+        <!-- can be a pain with type hinting -->
+        <exclude name="Squiz.Commenting.BlockComment.SingleLine"/>
+        <exclude name="Squiz.PHP.CommentedOutCode.Found"/>
+    </rule>
+
+</ruleset>

phpunit.xml.dist

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="vendor/phpunit/phpunit/phpunit.xsd"
+         backupGlobals="false"
+         backupStaticAttributes="false"
+         bootstrap="vendor/autoload.php"
+         colors="true"
+         verbose="true"
+         beStrictAboutOutputDuringTests="true"
+         beStrictAboutTestSize="true"
+         beStrictAboutTestsThatDoNotTestAnything="true"
+         beStrictAboutTodoAnnotatedTests="true"
+         checkForUnintentionallyCoveredCode="true"
+         forceCoversAnnotation="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         syntaxCheck="true">
+    <php>
+        <ini name="error_reporting" value="-1" />
+        <ini name="intl.default_locale" value="en" />
+        <ini name="intl.error_level" value="0" />
+        <ini name="memory_limit" value="-1" />
+    </php>
+    <testsuites>
+        <testsuite name="Unit Test Suite">
+            <directory>tests</directory>
+        </testsuite>
+    </testsuites>
+
+    <filter>
+        <whitelist processUncoveredFilesFromWhitelist="true">
+            <directory suffix=".php">src</directory>
+        </whitelist>
+
+        <blacklist>
+            <directory suffix=".php">vendor</directory>
+            <directory suffix=".php">tests</directory>
+        </blacklist>
+    </filter>
+    <logging>
+        <log type="coverage-html" target="build/tests" title="Coverage report"
+             charset="UTF-8" yui="true" highlight="true"
+             showUncoveredFiles="true"
+             lowUpperBound="35" highLowerBound="70"/>
+    </logging>
+</phpunit>