Unverified Commit 3db8f620 authored by Alex Pott's avatar Alex Pott

Issue #3128982 by davidwbarratt, Spokje, andypost, Barryvdh, larowlan, catch,...

Issue #3128982 by davidwbarratt, Spokje, andypost, Barryvdh, larowlan, catch, alexpott: Upgrade asm89/stack-cors to ^2.0 to fix cacheability
parent 31e08766
+15 −15
@@ -8,36 +8,36 @@
    "packages": [
        {
            "name": "asm89/stack-cors",
            "version": "1.3.0",
            "version": "v2.0.5",
            "source": {
                "type": "git",
                "url": "https://github.com/asm89/stack-cors.git",
                "reference": "b9c31def6a83f84b4d4a40d35996d375755f0e08"
                "reference": "7a198ec737e926eab15d29368fc6fff66772b0e2"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/asm89/stack-cors/zipball/b9c31def6a83f84b4d4a40d35996d375755f0e08",
                "reference": "b9c31def6a83f84b4d4a40d35996d375755f0e08",
                "url": "https://api.github.com/repos/asm89/stack-cors/zipball/7a198ec737e926eab15d29368fc6fff66772b0e2",
                "reference": "7a198ec737e926eab15d29368fc6fff66772b0e2",
                "shasum": ""
            },
            "require": {
                "php": ">=5.5.9",
                "symfony/http-foundation": "~2.7|~3.0|~4.0|~5.0",
                "symfony/http-kernel": "~2.7|~3.0|~4.0|~5.0"
                "php": "^7.0|^8.0",
                "symfony/http-foundation": "~2.7|~3.0|~4.0|~5.0|~6.0",
                "symfony/http-kernel": "~2.7|~3.0|~4.0|~5.0|~6.0"
            },
            "require-dev": {
                "phpunit/phpunit": "^5.0 || ^4.8.10",
                "squizlabs/php_codesniffer": "^2.3"
                "phpunit/phpunit": "^6|^7|^8|^9",
                "squizlabs/php_codesniffer": "^3.5"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
                    "dev-master": "1.2-dev"
                    "dev-master": "2.0-dev"
                }
            },
            "autoload": {
                "psr-4": {
                    "Asm89\\Stack\\": "src/Asm89/Stack/"
                    "Asm89\\Stack\\": "src/"
                }
            },
            "notification-url": "https://packagist.org/downloads/",
@@ -58,9 +58,9 @@
            ],
            "support": {
                "issues": "https://github.com/asm89/stack-cors/issues",
                "source": "https://github.com/asm89/stack-cors/tree/1.3.0"
                "source": "https://github.com/asm89/stack-cors/tree/v2.0.5"
            },
            "time": "2019-12-24T22:41:47+00:00"
            "time": "2022-01-03T15:27:13+00:00"
        },
        {
            "name": "composer/installers",
@@ -452,10 +452,10 @@
            "dist": {
                "type": "path",
                "url": "core",
                "reference": "7963aa1162a3808d6d854bbba38a125121839b66"
                "reference": "0c0d32e4674b75c965916f8ec909674a0b9dd3e9"
            },
            "require": {
                "asm89/stack-cors": "^1.1",
                "asm89/stack-cors": "^2.0.2",
                "composer/semver": "^3.0",
                "doctrine/annotations": "^1.12",
                "egulias/email-validator": "^2.1.22|^3.0",
+1 −1
@@ -8,7 +8,7 @@
    },
    "require": {
        "drupal/core": "10.0.x-dev",
        "asm89/stack-cors": "1.3.0",
        "asm89/stack-cors": "v2.0.5",
        "composer/semver": "3.2.6",
        "doctrine/annotations": "1.13.2",
        "doctrine/lexer": "1.2.1",
+1 −1
@@ -42,7 +42,7 @@
        "masterminds/html5": "^2.1",
        "symfony/psr-http-message-bridge": "^2.0",
        "composer/semver": "^3.0",
        "asm89/stack-cors": "^1.1",
        "asm89/stack-cors": "^2.0.2",
        "pear/archive_tar": "^1.4.14",
        "psr/log": "^1.0"
    },
+36 −6
@@ -48,21 +48,24 @@ public function testCrossSiteRequest() {
    $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'MISS');
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', '*');
    $this->assertSession()->responseHeaderNotContains('Vary', 'Origin');

    // Fire the same exact request. This time it should be cached.
    $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'HIT');
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', '*');
    $this->assertSession()->responseHeaderNotContains('Vary', 'Origin');

    // Fire a request for a different origin. Verify the CORS header.
    $this->drupalGet('/test-page', [], ['Origin' => 'http://example.org']);
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'HIT');
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.org');
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', '*');
    $this->assertSession()->responseHeaderNotContains('Vary', 'Origin');

    // Configure the CORS stack to allow a specific set of origins.
    // Configure the CORS stack to allow a specific origin.
    $cors_config['allowedOrigins'] = ['http://example.com'];

    $this->setContainerParameter('cors.config', $cors_config);
@@ -71,13 +74,40 @@ public function testCrossSiteRequest() {
    // Fire a request from an origin that isn't allowed.
    /** @var \Symfony\Component\HttpFoundation\Response $response */
    $this->drupalGet('/test-page', [], ['Origin' => 'http://non-valid.com']);
    $this->assertSession()->statusCodeEquals(403);
    $this->assertSession()->pageTextContains('Not allowed.');
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
    $this->assertSession()->responseHeaderNotContains('Vary', 'Origin');

    // Specify a valid origin.
    $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
    $this->assertSession()->responseHeaderNotContains('Vary', 'Origin');

    // Configure the CORS stack to allow a specific set of origins.
    $cors_config['allowedOrigins'] = ['http://example.com', 'https://drupal.org'];

    $this->setContainerParameter('cors.config', $cors_config);
    $this->rebuildContainer();

    // Fire a request from an origin that isn't allowed.
    /** @var \Symfony\Component\HttpFoundation\Response $response */
    $this->drupalGet('/test-page', [], ['Origin' => 'http://non-valid.com']);
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', NULL);
    $this->assertSession()->responseHeaderContains('Vary', 'Origin');

    // Specify a valid origin.
    $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
    $this->assertSession()->responseHeaderContains('Vary', 'Origin');

    // Specify a valid origin.
    $this->drupalGet('/test-page', [], ['Origin' => 'https://drupal.org']);
    $this->assertSession()->statusCodeEquals(200);
    $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'https://drupal.org');
    $this->assertSession()->responseHeaderContains('Vary', 'Origin');

    // Verify POST still functions with 'Origin' header set to site's domain.
    $origin = \Drupal::request()->getSchemeAndHttpHost();
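Review bot: Both "origin that isn't allowed" cases in the second hunk now assert a 200 response for `http://non-valid.com`, so nothing in this test shows the request being refused server-side any more. With a single allowed origin the response even carries `Access-Control-Allow-Origin: http://example.com`. This appears to be the intended behaviour of the upgraded library, but it means the restriction is enforced only by the browser, and a reader could assume the old 403 still applies. I would add a comment above those assertions such as `// The request is still served; CORS only controls whether a browser lets the other origin read the response.` In the multi-origin case, `responseHeaderDoesNotExist('Access-Control-Allow-Origin')` would state the intent more clearly than comparing with `NULL`, and the copied `/** @var ... $response */` annotation has no `$response` variable to describe.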