Fix: Cors header where set only when cache enabled
mcop1 committed Dec 16, 2024
1 parent f88cb83 commit 725e163
Showing 4 changed files with 91 additions and 34 deletions.
9 changes: 8 additions & 1 deletion src/Controller/WebserviceController.php
@@ -33,6 +33,7 @@
use Pimcore\Bundle\DataHubBundle\Service\CheckConsumerPermissionsService;
use Pimcore\Bundle\DataHubBundle\Service\FileUploadService;
use Pimcore\Bundle\DataHubBundle\Service\OutputCacheService;
use Pimcore\Bundle\DataHubBundle\Service\ResponseServiceInterface;
use Pimcore\Cache\RuntimeCache;
use Pimcore\Controller\FrontendController;
use Pimcore\Helper\LongRunningHelper;
@@ -90,7 +91,8 @@ public function webonyxAction(
LocaleServiceInterface $localeService,
Factory $modelFactory,
Request $request,
LongRunningHelper $longRunningHelper
LongRunningHelper $longRunningHelper,
ResponseServiceInterface $responseService
) {
$clientname = $request->attributes->getString('clientname');
$variableValues = null;
@@ -107,6 +109,8 @@ public function webonyxAction(
if ($response = $this->cacheService->load($request)) {
Logger::debug('Loading response from cache');

$responseService->addCorsHeaders($response);

return $response;
}

@@ -226,7 +230,10 @@ public function webonyxAction(
}

$response = new JsonResponse($output);

$responseService->removeCorsHeaders($response);
$this->cacheService->save($request, $response);
$responseService->addCorsHeaders($response);

return $response;
}
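Review bot: The three calls around `$this->cacheService->save($request, $response)` in the last hunk only work in this order, and nothing at the call site says why. On a `JsonResponse` built one line earlier, `removeCorsHeaders` looks like a no-op, so a later cleanup could drop it or move `addCorsHeaders` above the save. I would add a comment such as `// CORS headers depend on the current request's Origin: strip before caching, re-add for this response only`. The same reasoning applies to the cache-hit branch, where `addCorsHeaders` runs after `load()`. `webonyxAction` begins outside these hunks and most of its body is elided, so any other return path is not visible here and would need the same call.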
34 changes: 1 addition & 33 deletions src/Service/OutputCacheService.php
@@ -71,12 +71,7 @@ public function load(Request $request)

$cacheKey = $this->computeKey($request);

$response = $this->loadFromCache($cacheKey);
if ($response) {
$this->addCorsHeaders($response);
}

return $response;
return $this->loadFromCache($cacheKey);
}

/**
@@ -89,42 +84,15 @@ public function save(Request $request, JsonResponse $response, $extraTags = []):
$clientname = $request->attributes->getString('clientname');
$extraTags = array_merge(['output', 'datahub', $clientname], $extraTags);

$this->removeCorsHeaders($response);
$cacheKey = $this->computeKey($request);

$event = new OutputCachePreSaveEvent($request, $response);
$this->eventDispatcher->dispatch($event, OutputCacheEvents::PRE_SAVE);

$this->saveToCache($cacheKey, $response, $extraTags);

$this->addCorsHeaders($response);
}
}

/**
* Removes CORS headers including Access-Control-Allow-Origin that should not be cached.
*/
protected function removeCorsHeaders(JsonResponse $response): void
{
$response->headers->remove('Access-Control-Allow-Origin');
$response->headers->remove('Access-Control-Allow-Credentials');
$response->headers->remove('Access-Control-Allow-Methods');
$response->headers->remove('Access-Control-Allow-Headers');
}

protected function addCorsHeaders(JsonResponse $response): void
{
$origin = '*';
if (!empty($_SERVER['HTTP_ORIGIN'])) {
$origin = $_SERVER['HTTP_ORIGIN'];
}

$response->headers->set('Access-Control-Allow-Origin', $origin);
$response->headers->set('Access-Control-Allow-Credentials', 'true');
$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
$response->headers->set('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token');
}

/**
* @param string $key
*
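Review bot: Removing the `protected` methods `removeCorsHeaders()` and `addCorsHeaders()` from `OutputCacheService` is a backward-compatibility break for any subclass that calls or overrides them. An override that narrowed the allowed origins would stop taking effect without any error. The replacement `ResponseService` is `final` and `@internal`, so it offers no equivalent extension point. The class declaration is outside these hunks, but the `protected` visibility suggests extension was intended. If so, consider keeping both methods for one release as delegates marked `/** @deprecated use ResponseServiceInterface::addCorsHeaders() */`, or call out the removal in the upgrade notes.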
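--- a/src/Service/ResponseService.php
+++ b/src/Service/ResponseService.php
@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+* Pimcore
+*
+* This source file is available under two different licenses:
+* - GNU General Public License version 3 (GPLv3)
+* - Pimcore Commercial License (PCL)
+* Full copyright and license information is available in
+* LICENSE.md which is distributed with this source code.
+*
+* @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
+* @license http://www.pimcore.org/license GPLv3 and PCL
+*/
+
+namespace Pimcore\Bundle\DataHubBundle\Service;
+
+use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\OutputCachePreLoadEvent;
+use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\OutputCachePreSaveEvent;
+use Pimcore\Bundle\DataHubBundle\Event\GraphQL\OutputCacheEvents;
+use Pimcore\Logger;
+use Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+
+/** @internal */
+final class ResponseService implements ResponseServiceInterface
+{
+/**
+* Removes CORS headers including Access-Control-Allow-Origin that should not be cached.
+*/
+public function removeCorsHeaders(JsonResponse $response): void
+{
+$response->headers->remove('Access-Control-Allow-Origin');
+$response->headers->remove('Access-Control-Allow-Credentials');
+$response->headers->remove('Access-Control-Allow-Methods');
+$response->headers->remove('Access-Control-Allow-Headers');
+}
+
+public function addCorsHeaders(JsonResponse $response): void
+{
+$origin = '*';
+if (!empty($_SERVER['HTTP_ORIGIN'])) {
+$origin = $_SERVER['HTTP_ORIGIN'];
+}
+
+$response->headers->set('Access-Control-Allow-Origin', $origin);
+$response->headers->set('Access-Control-Allow-Credentials', 'true');
+$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+$response->headers->set('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token');
+}
+}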
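Review bot: `addCorsHeaders` copies whatever `Origin` the client sends into `Access-Control-Allow-Origin` and always adds `Access-Control-Allow-Credentials: true`. If this endpoint accepts cookie or HTTP-auth credentials, any website can then read its responses cross-origin on behalf of a logged-in user. The `*` fallback combined with credentials is rejected by browsers. The commit moves this logic unchanged, but going by its title the headers now go out whether or not the cache is enabled, so this is a good place to tighten it. I would echo the origin only when it matches a configured list of trusted origins, and add `Vary: Origin` so an intermediate cache does not serve one origin's headers to another. The fence sketches this; `$this->allowedOrigins` is a constructed placeholder for wherever the project keeps that list.

```php
public function addCorsHeaders(JsonResponse $response): void
{
    // $this->allowedOrigins: constructed placeholder for a configured list of trusted origins
    $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
    if ($origin !== '' && in_array($origin, $this->allowedOrigins, true)) {
        $response->headers->set('Access-Control-Allow-Origin', $origin);
        $response->headers->set('Access-Control-Allow-Credentials', 'true');
        // the header value depends on the request, so shared caches must key on it
        $response->setVary('Origin', false);
    }
    // … unchanged: Access-Control-Allow-Methods and Access-Control-Allow-Headers …
}
```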
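--- a/src/Service/ResponseServiceInterface.php
+++ b/src/Service/ResponseServiceInterface.php
@@ -0,0 +1,27 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+* Pimcore
+*
+* This source file is available under two different licenses:
+* - GNU General Public License version 3 (GPLv3)
+* - Pimcore Commercial License (PCL)
+* Full copyright and license information is available in
+* LICENSE.md which is distributed with this source code.
+*
+* @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
+* @license http://www.pimcore.org/license GPLv3 and PCL
+*/
+
+namespace Pimcore\Bundle\DataHubBundle\Service;
+
+use Symfony\Component\HttpFoundation\JsonResponse;
+
+/** @internal */
+interface ResponseServiceInterface
+{
+public function removeCorsHeaders(JsonResponse $response): void;
+public function addCorsHeaders(JsonResponse $response): void;
+}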
