Finish building out methods for CorsBuilder.

cakephp · Nov 21, 2015 · 423f2e9 · 423f2e9
1 parent 0584a89
commit 423f2e9
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 8 deletions.
diff --git a/src/Network/CorsBuilder.php b/src/Network/CorsBuilder.php
@@ -27,7 +27,7 @@ public function allowOrigin($domain)
             if (!preg_match($domain['preg'], $this->_origin)) {
                 continue;
             }
-            $this->_response->header('Access-Control-Origin', $this->_origin);
+            $this->_response->header('Access-Control-Allow-Origin', $this->_origin);
             break;
         }
         return $this;
@@ -85,13 +85,21 @@ public function allowHeaders(array $headers)
         return $this;
     }
 
-    public function exposeHeaders($headers)
+    public function exposeHeaders(array $headers)
     {
+        if (empty($this->_origin)) {
+            return $this;
+        }
+        $this->_response->header('Access-Control-Expose-Headers', implode(', ', $headers));
         return $this;
     }
 
-    public function maxAge($headers)
+    public function maxAge($age)
     {
+        if (empty($this->_origin)) {
+            return $this;
+        }
+        $this->_response->header('Access-Control-Max-Age', $age);
         return $this;
     }
 }
diff --git a/tests/TestCase/Network/CorsBuilderTest.php b/tests/TestCase/Network/CorsBuilderTest.php
@@ -30,12 +30,12 @@ public function testAllowOrigin()
         $response = new Response();
         $builder = new CorsBuilder($response, 'http://www.example.com');
         $this->assertSame($builder, $builder->allowOrigin(['*.example.com', '*.foo.com']));
-        $this->assertHeader('http://www.example.com', $response, 'Access-Control-Origin');
+        $this->assertHeader('http://www.example.com', $response, 'Access-Control-Allow-Origin');
 
         $response = new Response();
         $builder = new CorsBuilder($response, 'http://www.example.com');
         $this->assertSame($builder, $builder->allowOrigin('*.example.com'));
-        $this->assertHeader('http://www.example.com', $response, 'Access-Control-Origin');
+        $this->assertHeader('http://www.example.com', $response, 'Access-Control-Allow-Origin');
     }
 
     /**
@@ -48,17 +48,17 @@ public function testAllowOriginSsl()
         $response = new Response();
         $builder = new CorsBuilder($response, 'https://www.example.com', true);
         $this->assertSame($builder, $builder->allowOrigin('http://example.com'));
-        $this->assertNoHeader($response, 'Access-Control-Origin');
+        $this->assertNoHeader($response, 'Access-Control-Allow-Origin');
 
         $response = new Response();
         $builder = new CorsBuilder($response, 'http://www.example.com', true);
         $this->assertSame($builder, $builder->allowOrigin('https://example.com'));
-        $this->assertNoHeader($response, 'Access-Control-Origin');
+        $this->assertNoHeader($response, 'Access-Control-Allow-Origin');
 
         $response = new Response();
         $builder = new CorsBuilder($response, 'http://www.example.com');
         $this->assertSame($builder, $builder->allowOrigin('https://example.com'));
-        $this->assertNoHeader($response, 'Access-Control-Origin');
+        $this->assertNoHeader($response, 'Access-Control-Allow-Origin');
     }
 
     public function testAllowMethodsNoOrigin()
@@ -109,6 +109,38 @@ public function testAllowHeaders()
         $this->assertHeader('Content-Type, Accept', $response, 'Access-Control-Allow-Headers');
     }
 
+    public function testExposeHeadersNoOrigin()
+    {
+        $response = new Response();
+        $builder = new CorsBuilder($response, '');
+        $this->assertSame($builder, $builder->exposeHeaders(['X-THING']));
+        $this->assertNoHeader($response, 'Access-Control-Expose-Headers');
+    }
+
+    public function testExposeHeaders()
+    {
+        $response = new Response();
+        $builder = new CorsBuilder($response, 'http://example.com');
+        $this->assertSame($builder, $builder->exposeHeaders(['Content-Type', 'Accept']));
+        $this->assertHeader('Content-Type, Accept', $response, 'Access-Control-Expose-Headers');
+    }
+
+    public function testMaxAgeNoOrigin()
+    {
+        $response = new Response();
+        $builder = new CorsBuilder($response, '');
+        $this->assertSame($builder, $builder->maxAge(300));
+        $this->assertNoHeader($response, 'Access-Control-Max-Age');
+    }
+
+    public function testMaxAge()
+    {
+        $response = new Response();
+        $builder = new CorsBuilder($response, 'http://example.com');
+        $this->assertSame($builder, $builder->maxAge(300));
+        $this->assertHeader('300', $response, 'Access-Control-Max-Age');
+    }
+
     /**
      * Helper for checking header values.
      *