Set cross domain allow-methods header with the same value as the allow header

This commit is contained in:
Alejandro Celaya 2017-04-14 12:55:34 +02:00
parent a365faef9c
commit 62b49dcb19

View File

@ -17,6 +17,7 @@ class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterfa
* @param DelegateInterface $delegate * @param DelegateInterface $delegate
* *
* @return Response * @return Response
* @throws \InvalidArgumentException
*/ */
public function process(Request $request, DelegateInterface $delegate) public function process(Request $request, DelegateInterface $delegate)
{ {
@ -35,7 +36,8 @@ class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterfa
// Add OPTIONS-specific headers // Add OPTIONS-specific headers
foreach ([ foreach ([
'Access-Control-Allow-Methods' => 'GET,POST,PUT,DELETE,OPTIONS', // TODO Should be based on path // 'Access-Control-Allow-Methods' => 'GET,POST,PUT,DELETE,OPTIONS', // TODO Should be based on path
'Access-Control-Allow-Methods' => $response->getHeaderLine('Allow'),
'Access-Control-Max-Age' => '1000', 'Access-Control-Max-Age' => '1000',
'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'), 'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'),
] as $key => $value) { ] as $key => $value) {