public function onResponse(FilterResponseEvent $event)
{
if (HttpKernelInterface::MASTER_REQUEST !== $event->getRequestType()) {
return;
}
$response = $event->getResponse();
$request = $event->getRequest();
// HACK: revert exception status code to main request (i have no idea why it's chnaged to 500)
if (is_array($content = json_decode($response->getContent(), true))) {
if (array_key_exists('errors', $content)) {
if (isset($content['errors'][0]['code'])) {
$response->setStatusCode($content['errors'][0]['code'], $content['errors'][0]['message']);
}
}
}
if (!$this->container->hasParameter('newscoop.gimme.allow_origin')) {
return false;
}
$allowedHosts = $this->container->getParameter('newscoop.gimme.allow_origin');
if (count($allowedHosts) == 0) {
return false;
}
$allowedMethods = array('POST', 'GET', 'PUT', 'DELETE', 'LINK', 'UNLINK', 'PATCH', 'OPTIONS');
if (preg_match('/Firefox/', $request->headers->get('user-agent'))) {
foreach ($allowedMethods as $method) {
$allowedMethods[] = ucfirst(strtolower($method));
}
}
$response->headers->set('Access-Control-Allow-Methods', implode(', ', $allowedMethods));
$response->headers->set('Access-Control-Expose-Headers', 'X-Location, X-Debug');
if (in_array('*', $allowedHosts)) {
$response->headers->set('Access-Control-Allow-Origin', '*');
} else {
foreach ($allowedHosts as $host) {
if ($request->server->get('HTTP_ORIGIN') == $host) {
$response->headers->set('Access-Control-Allow-Origin', $host);
}
}
}
$event->setResponse($response);
}