[Bug]: Cors headers not set when cache was not enabled (#925)

* Fix: Cors header where set only when cache enabled * Apply php-cs-fixer changes --------- Co-authored-by: mcop1 <[email protected]>
pimcore · Dec 16, 2024 · 2c120fd · 2c120fd
1 parent f88cb83
commit 2c120fd
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 34 deletions.
diff --git a/src/Controller/WebserviceController.php b/src/Controller/WebserviceController.php
@@ -33,6 +33,7 @@
 use Pimcore\Bundle\DataHubBundle\Service\CheckConsumerPermissionsService;
 use Pimcore\Bundle\DataHubBundle\Service\FileUploadService;
 use Pimcore\Bundle\DataHubBundle\Service\OutputCacheService;
+use Pimcore\Bundle\DataHubBundle\Service\ResponseServiceInterface;
 use Pimcore\Cache\RuntimeCache;
 use Pimcore\Controller\FrontendController;
 use Pimcore\Helper\LongRunningHelper;
@@ -90,7 +91,8 @@ public function webonyxAction(
         LocaleServiceInterface $localeService,
         Factory $modelFactory,
         Request $request,
-        LongRunningHelper $longRunningHelper
+        LongRunningHelper $longRunningHelper,
+        ResponseServiceInterface $responseService
     ) {
         $clientname = $request->attributes->getString('clientname');
         $variableValues = null;
@@ -107,6 +109,8 @@ public function webonyxAction(
         if ($response = $this->cacheService->load($request)) {
             Logger::debug('Loading response from cache');
 
+            $responseService->addCorsHeaders($response);
+
             return $response;
         }
 
@@ -226,7 +230,10 @@ public function webonyxAction(
         }
 
         $response = new JsonResponse($output);
+
+        $responseService->removeCorsHeaders($response);
         $this->cacheService->save($request, $response);
+        $responseService->addCorsHeaders($response);
 
         return $response;
     }

diff --git a/src/Service/OutputCacheService.php b/src/Service/OutputCacheService.php
@@ -71,12 +71,7 @@ public function load(Request $request)
 
         $cacheKey = $this->computeKey($request);
 
-        $response = $this->loadFromCache($cacheKey);
-        if ($response) {
-            $this->addCorsHeaders($response);
-        }
-
-        return $response;
+        return $this->loadFromCache($cacheKey);
     }
 
     /**
@@ -89,42 +84,15 @@ public function save(Request $request, JsonResponse $response, $extraTags = []):
             $clientname = $request->attributes->getString('clientname');
             $extraTags = array_merge(['output', 'datahub', $clientname], $extraTags);
 
-            $this->removeCorsHeaders($response);
             $cacheKey = $this->computeKey($request);
 
             $event = new OutputCachePreSaveEvent($request, $response);
             $this->eventDispatcher->dispatch($event, OutputCacheEvents::PRE_SAVE);
 
             $this->saveToCache($cacheKey, $response, $extraTags);
-
-            $this->addCorsHeaders($response);
         }
     }
 
-    /**
-     * Removes CORS headers including Access-Control-Allow-Origin that should not be cached.
-     */
-    protected function removeCorsHeaders(JsonResponse $response): void
-    {
-        $response->headers->remove('Access-Control-Allow-Origin');
-        $response->headers->remove('Access-Control-Allow-Credentials');
-        $response->headers->remove('Access-Control-Allow-Methods');
-        $response->headers->remove('Access-Control-Allow-Headers');
-    }
-
-    protected function addCorsHeaders(JsonResponse $response): void
-    {
-        $origin = '*';
-        if (!empty($_SERVER['HTTP_ORIGIN'])) {
-            $origin = $_SERVER['HTTP_ORIGIN'];
-        }
-
-        $response->headers->set('Access-Control-Allow-Origin', $origin);
-        $response->headers->set('Access-Control-Allow-Credentials', 'true');
-        $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
-        $response->headers->set('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token');
-    }
-
     /**
      * @param string $key
      *

diff --git a/src/Service/ResponseService.php b/src/Service/ResponseService.php
@@ -0,0 +1,48 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * Pimcore
+ *
+ * This source file is available under two different licenses:
+ * - GNU General Public License version 3 (GPLv3)
+ * - Pimcore Commercial License (PCL)
+ * Full copyright and license information is available in
+ * LICENSE.md which is distributed with this source code.
+ *
+ *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
+ *  @license    http://www.pimcore.org/license     GPLv3 and PCL
+ */
+
+namespace Pimcore\Bundle\DataHubBundle\Service;
+
+use Symfony\Component\HttpFoundation\JsonResponse;
+
+/** @internal */
+final class ResponseService implements ResponseServiceInterface
+{
+    /**
+     * Removes CORS headers including Access-Control-Allow-Origin that should not be cached.
+     */
+    public function removeCorsHeaders(JsonResponse $response): void
+    {
+        $response->headers->remove('Access-Control-Allow-Origin');
+        $response->headers->remove('Access-Control-Allow-Credentials');
+        $response->headers->remove('Access-Control-Allow-Methods');
+        $response->headers->remove('Access-Control-Allow-Headers');
+    }
+
+    public function addCorsHeaders(JsonResponse $response): void
+    {
+        $origin = '*';
+        if (!empty($_SERVER['HTTP_ORIGIN'])) {
+            $origin = $_SERVER['HTTP_ORIGIN'];
+        }
+
+        $response->headers->set('Access-Control-Allow-Origin', $origin);
+        $response->headers->set('Access-Control-Allow-Credentials', 'true');
+        $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+        $response->headers->set('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token');
+    }
+}
diff --git a/src/Service/ResponseServiceInterface.php b/src/Service/ResponseServiceInterface.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * Pimcore
+ *
+ * This source file is available under two different licenses:
+ * - GNU General Public License version 3 (GPLv3)
+ * - Pimcore Commercial License (PCL)
+ * Full copyright and license information is available in
+ * LICENSE.md which is distributed with this source code.
+ *
+ *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
+ *  @license    http://www.pimcore.org/license     GPLv3 and PCL
+ */
+
+namespace Pimcore\Bundle\DataHubBundle\Service;
+
+use Symfony\Component\HttpFoundation\JsonResponse;
+
+/** @internal  */
+interface ResponseServiceInterface
+{
+    public function removeCorsHeaders(JsonResponse $response): void;
+
+    public function addCorsHeaders(JsonResponse $response): void;
+}