<?php declare(strict_types=1);
namespace Shopware\Core\Framework\Api\EventListener;
use Shopware\Core\PlatformRequest;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
use Symfony\Component\HttpKernel\KernelEvents;
class CorsListener implements EventSubscriberInterface
{
public static function getSubscribedEvents(): array
{
return [
KernelEvents::REQUEST => ['onKernelRequest', 9999],
KernelEvents::RESPONSE => ['onKernelResponse', 9999],
];
}
public function onKernelRequest(RequestEvent $event): void
{
if (!$event->isMainRequest()) {
return;
}
$method = $event->getRequest()->getRealMethod();
if ($method === 'OPTIONS') {
$response = new Response();
$event->setResponse($response);
}
}
public function onKernelResponse(ResponseEvent $event): void
{
if (!$event->isMainRequest()) {
return;
}
$corsHeaders = [
'Content-Type',
'Authorization',
PlatformRequest::HEADER_CONTEXT_TOKEN,
PlatformRequest::HEADER_ACCESS_KEY,
PlatformRequest::HEADER_LANGUAGE_ID,
PlatformRequest::HEADER_VERSION_ID,
PlatformRequest::HEADER_INHERITANCE,
PlatformRequest::HEADER_FAIL_ON_ERROR,
PlatformRequest::HEADER_INDEXING_BEHAVIOR,
PlatformRequest::HEADER_SINGLE_OPERATION,
PlatformRequest::HEADER_INCLUDE_SEO_URLS,
];
$response = $event->getResponse();
$response->headers->set('Access-Control-Allow-Origin', '*');
$response->headers->set('Access-Control-Allow-Methods', 'GET,POST,PUT,PATCH,DELETE');
$response->headers->set('Access-Control-Allow-Headers', implode(',', $corsHeaders));
$response->headers->set('Access-Control-Expose-Headers', implode(',', $corsHeaders));
}
}