From 725e163a228b235d906e436168a390c486ad6753 Mon Sep 17 00:00:00 2001
From: Marco Perberschlager
Date: Mon, 16 Dec 2024 11:45:19 +0100
Subject: [PATCH] Fix: Cors header where set only when cache enabled
---
 src/Controller/WebserviceController.php | 9 +++-
 src/Service/OutputCacheService.php | 34 +--------------
 src/Service/ResponseService.php | 55 ++++++++++++++++++++++++
 src/Service/ResponseServiceInterface.php | 27 ++++++++++++
 4 files changed, 91 insertions(+), 34 deletions(-)
 create mode 100644 src/Service/ResponseService.php
 create mode 100644 src/Service/ResponseServiceInterface.php
diff --git a/src/Controller/WebserviceController.php b/src/Controller/WebserviceController.php
index 7bd44b16..1679a677 100644
--- a/src/Controller/WebserviceController.php
+++ b/src/Controller/WebserviceController.php
@@ -33,6 +33,7 @@
 use Pimcore\Bundle\DataHubBundle\Service\CheckConsumerPermissionsService;
 use Pimcore\Bundle\DataHubBundle\Service\FileUploadService;
 use Pimcore\Bundle\DataHubBundle\Service\OutputCacheService;
+use Pimcore\Bundle\DataHubBundle\Service\ResponseServiceInterface;
 use Pimcore\Cache\RuntimeCache;
 use Pimcore\Controller\FrontendController;
 use Pimcore\Helper\LongRunningHelper;
@@ -90,7 +91,8 @@ public function webonyxAction(
 LocaleServiceInterface $localeService,
 Factory $modelFactory,
 Request $request,
- LongRunningHelper $longRunningHelper
+ LongRunningHelper $longRunningHelper,
+ ResponseServiceInterface $responseService
 ) {
 $clientname = $request->attributes->getString('clientname');
 $variableValues = null;
@@ -107,6 +109,8 @@ public function webonyxAction(
 if ($response = $this->cacheService->load($request)) {
 Logger::debug('Loading response from cache');
+ $responseService->addCorsHeaders($response);
+
 return $response;
 }
@@ -226,7 +230,10 @@ public function webonyxAction(
 }
 $response = new JsonResponse($output);
+
+ $responseService->removeCorsHeaders($response);
 $this->cacheService->save($request, $response);
+ $responseService->addCorsHeaders($response);
 return $response;
 }
diff --git a/src/Service/OutputCacheService.php b/src/Service/OutputCacheService.php
index dc8d50d0..15d42aca 100644
--- a/src/Service/OutputCacheService.php
+++ b/src/Service/OutputCacheService.php
@@ -71,12 +71,7 @@ public function load(Request $request)
 $cacheKey = $this->computeKey($request);
- $response = $this->loadFromCache($cacheKey);
- if ($response) {
- $this->addCorsHeaders($response);
- }
-
- return $response;
+ return $this->loadFromCache($cacheKey);
 }
 /**
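Review bot: CORS headers are now attached by hand at this return and at the cache-hit return in the `-107,6` hunk, so any other exit of `webonyxAction` would answer without `Access-Control-Allow-Origin`; the body between the two hunks is not visible here, so this needs checking against the full method. If error or exception responses leave through another path, a browser client gets an opaque CORS failure instead of the error payload. The `removeCorsHeaders` call on a freshly built `JsonResponse` looks like a no-op unless something sets those headers earlier, so the intent should be stated next to it, for example `// per-request CORS headers must never end up in the cached copy`.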
@@ -89,42 +84,15 @@ public function save(Request $request, JsonResponse $response, $extraTags = []):
 $clientname = $request->attributes->getString('clientname');
 $extraTags = array_merge(['output', 'datahub', $clientname], $extraTags);
- $this->removeCorsHeaders($response);
 $cacheKey = $this->computeKey($request);
 $event = new OutputCachePreSaveEvent($request, $response);
 $this->eventDispatcher->dispatch($event, OutputCacheEvents::PRE_SAVE);
 $this->saveToCache($cacheKey, $response, $extraTags);
-
- $this->addCorsHeaders($response);
 }
 }
- /**
- * Removes CORS headers including Access-Control-Allow-Origin that should not be cached.
- */
- protected function removeCorsHeaders(JsonResponse $response): void
- {
- $response->headers->remove('Access-Control-Allow-Origin');
- $response->headers->remove('Access-Control-Allow-Credentials');
- $response->headers->remove('Access-Control-Allow-Methods');
- $response->headers->remove('Access-Control-Allow-Headers');
- }
-
- protected function addCorsHeaders(JsonResponse $response): void
- {
- $origin = '*';
- if (!empty($_SERVER['HTTP_ORIGIN'])) {
- $origin = $_SERVER['HTTP_ORIGIN'];
- }
-
- $response->headers->set('Access-Control-Allow-Origin', $origin);
- $response->headers->set('Access-Control-Allow-Credentials', 'true');
- $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
- $response->headers->set('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token');
- }
-
 /**
 * @param string $key
 *
diff --git a/src/Service/ResponseService.php b/src/Service/ResponseService.php
new file mode 100644
index 00000000..752e7421
--- /dev/null
+++ b/src/Service/ResponseService.php
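Review bot: `save()` no longer strips the CORS headers before `saveToCache()`, so keeping the request-specific `Access-Control-Allow-Origin` out of the cache now depends on every caller doing it first; the same shift applies to `load()` in the `-71,12` hunk, which stopped re-adding them. The docblock of `save()` (outside this hunk) should say so, for example `Callers must remove per-request headers such as CORS before saving.` Both removed methods were `protected`, so a subclass of `OutputCacheService` that overrides or calls them breaks with this change; thin deprecated delegates or an upgrade note would cover that.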
@@ -0,0 +1,55 @@
+headers->remove('Access-Control-Allow-Origin');
+ $response->headers->remove('Access-Control-Allow-Credentials');
+ $response->headers->remove('Access-Control-Allow-Methods');
+ $response->headers->remove('Access-Control-Allow-Headers');
+ }
+
+ public function addCorsHeaders(JsonResponse $response): void
+ {
+ $origin = '*';
+ if (!empty($_SERVER['HTTP_ORIGIN'])) {
+ $origin = $_SERVER['HTTP_ORIGIN'];
+ }
+
+ $response->headers->set('Access-Control-Allow-Origin', $origin);
+ $response->headers->set('Access-Control-Allow-Credentials', 'true');
+ $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+ $response->headers->set('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token');
+ }
+}
diff --git a/src/Service/ResponseServiceInterface.php b/src/Service/ResponseServiceInterface.php
new file mode 100644
index 00000000..69ac80ee
--- /dev/null
+++ b/src/Service/ResponseServiceInterface.php
@@ -0,0 +1,27 @@
+
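Review bot: `addCorsHeaders` in `ResponseService.php` copies whatever `Origin` the client sent into `Access-Control-Allow-Origin` and always sets `Access-Control-Allow-Credentials: true`, which grants every origin credentialed read access; going by the commit title, this policy now applies whether or not the output cache is enabled. The origin should be checked against a configured allowlist before it is echoed, the credentials header should be sent only for an allowed origin, and `Vary: Origin` should be added so intermediaries do not reuse a response across origins. Without an `Origin` header the method emits `*` together with credentials `true`, a combination browsers refuse, so the fallback should drop the credentials header. The start of the class is missing from the visible hunk text, and `$this->allowedOrigins` in the sketch is a placeholder for however the bundle would configure the list.

```php
public function addCorsHeaders(JsonResponse $response): void
{
    // $this->allowedOrigins: placeholder for a configured list of trusted origins
    $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
    $response->setVary('Origin', false);

    if ($origin !== '' && in_array($origin, $this->allowedOrigins, true)) {
        $response->headers->set('Access-Control-Allow-Origin', $origin);
        $response->headers->set('Access-Control-Allow-Credentials', 'true');
    } else {
        // Unknown or absent origin: public, non-credentialed access only.
        $response->headers->set('Access-Control-Allow-Origin', '*');
        $response->headers->remove('Access-Control-Allow-Credentials');
    }
    // … unchanged: Access-Control-Allow-Methods and Access-Control-Allow-Headers …
}
```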