Close #27

.gitignore

@@ -1,4 +1,5 @@
 /vendor/
 /build/
+/html-coverage/
 .idea/
-composer.lock
+composer.lock

.travis.yml

@@ -1,14 +1,12 @@
 language: php
 dist: trusty
 php:
-- 5.6
-- 7.0
-- 7.1
 - 7.2
 - 7.3
+- 7.4
 matrix:
   include:
-    - php: 5.6
+    - php: 7.2
       script:
       - ./vendor/bin/phpunit --coverage-text --coverage-clover=coverage.clover
       after_script:

NOTICE

@@ -1,5 +1,5 @@
 CORS (Cross-Origin Resource Sharing) support for Laravel and Lumen
 
-Copyright 2015-2019 info@neomerx.com
+Copyright 2015-2020 info@neomerx.com
 
 This product includes software developed at Neomerx (www.neomerx.com).

README.md

@@ -10,6 +10,8 @@ This package adds [Cross-Origin Resource Sharing](http://www.w3.org/TR/cors/) (C
 
 The package is based on [Framework agnostic (PSR-7) CORS implementation](https://github.com/neomerx/cors-psr7).
 
+The **current version V3** is designed for Laravel 6 or higher. If you use lower Laravel version please use **V2**.
+
 ## Install
 
 ### 1 Composer
@@ -18,11 +20,9 @@ The package is based on [Framework agnostic (PSR-7) CORS implementation](https:/
 composer require neomerx/cors-illuminate
 ```
 
-### 2.1 Laravel 5.5+
-
-> For Laravel prior 5.5 skip this step and see step 2.2
+### 2.1 Laravel
 
-> For Lumen skip this step and see step 2.3
+> For Lumen skip this step and see step 2.2
 
 Create a config file by executing
 
@@ -32,35 +32,6 @@ php artisan vendor:publish --provider="Neomerx\CorsIlluminate\Providers\LaravelS
 
 it will create `config/cors-illuminate.php` file in you application.
 
-> Next see step 3
-
-### 2.2 Laravel
-
-> For Laravel 5.5+ skip this step and see step 3
-
-> For Lumen skip this step and see step 2.3
-
-Add CORS provider by adding the following line to your `config/app.php` file
-```php
-<?php
-
-return [
-
-    ...
-
-    'providers' => [
-
-        ...
-
-        \Neomerx\CorsIlluminate\Providers\LaravelServiceProvider::class,
-
-    ],
-
-    ...
-
-];
-```
-
 Add CORS middleware to your HTTP stack at `app/Http/Kernel.php` file. The middleware should be added to `$middleware` list which is executed for all routes (even non declared in your routes file). Preferably before 'heavy' middleware for performance reasons.
 
 ```php
@@ -79,17 +50,9 @@ class Kernel extends HttpKernel
 }
 ```
 
-Create a config file by executing
-
-```
-php artisan vendor:publish --provider="Neomerx\CorsIlluminate\Providers\LaravelServiceProvider"
-```
-
-it will create `config/cors-illuminate.php` file in you application.
-
 > Next see step 3
 
-### 2.3 Lumen
+### 2.2 Lumen
 
 > For Laravel skip this step
 
@@ -130,25 +93,26 @@ As Lumen does not support `vendor:publish` command file `vendor/neomerx/cors-ill
     ],
 
     /**
-     * A list of allowed request origins (lower-cased, no trail slashes).
-     * Value `true` enables and value `null` disables origin.
+     * A list of allowed request origins (no trail slashes).
      * If value is not on the list it is considered as not allowed.
-     * Environment variables could be used for enabling/disabling certain hosts.
+     * If you want to allow all origins remove/comment this section.
      */
     Settings::KEY_ALLOWED_ORIGINS => [
-        'http://localhost:4200' => true,
+        'http://localhost:4200',
     ],
 
     ...
 ```
 
 ## Exceptions and CORS headers
 
-When exceptions are thrown and responses are created in [Laravel/Lumen exception handlers](http://laravel.com/docs/5.1/errors) middleware will be excluded from handling responses. It means CORS middleware will not add its CORS headers to responses. For this reason CORS results (including headers) are registered in [Laravel/Lumen Container](http://laravel.com/docs/5.1/container) and made accessible from any part of your application including exception handlers.
+When exceptions are thrown and responses are created in [Laravel/Lumen exception handlers](https://laravel.com/docs/6.x/errors) middleware will be excluded from handling responses. It means CORS middleware will not add its CORS headers to responses. For this reason CORS results (including headers) are registered in [Laravel/Lumen Container](https://laravel.com/docs/6.x/container) and made accessible from any part of your application including exception handlers.
 
 Code sample for reading CORS headers
 
 ```php
+use Neomerx\Cors\Contracts\AnalysisResultInterface;
+
 $corsHeaders = [];
 if (app()->resolved(AnalysisResultInterface::class) === true) {
     /** @var AnalysisResultInterface $result */
@@ -161,18 +125,18 @@ if (app()->resolved(AnalysisResultInterface::class) === true) {
 
 This package provides a number of ways how its behaviour could be customized.
 
-The following methods of class `CorsMiddleware` could be overriden
+The following methods of class `CorsMiddleware` could be replaced in descendant classes
 - `getResponseOnError` You can override this method in order to customize error reply.
 - `getCorsAnalysis` You can override this method to modify how CORS analysis result is saved to Illuminate Container.
 - `getRequestAdapter` You can override this method to replace `IlluminateRequestToPsr7` adapter with another one.
 
 Additionally a custom [AnalysisStrategyInterface](https://github.com/neomerx/cors-psr7/blob/master/src/Contracts/AnalysisStrategyInterface.php) could be injected by
 - overriding `getCreateAnalysisStrategyClosure` method in `ServiceProvider` for Laravel/Lumen
-- using [Laravel/Lumen Container binding](http://laravel.com/docs/5.1/container) for interface `AnalysisStrategyInterface`
+- using [Laravel/Lumen Container binding](https://laravel.com/docs/6.x/container) for interface `AnalysisStrategyInterface`
 
 Also custom [AnalyzerInterface](https://github.com/neomerx/cors-psr7/blob/master/src/Contracts/AnalyzerInterface.php) could be injected by
 - overriding `getCreateAnalyzerClosure` method in `ServiceProvider` for Laravel/Lumen
-- using [Laravel/Lumen Container binding](http://laravel.com/docs/5.1/container) for interface `AnalyzerInterface`
+- using [Laravel/Lumen Container binding](https://laravel.com/docs/6.x/container) for interface `AnalyzerInterface`
 
 ## Testing
 

composer.json

@@ -21,17 +21,17 @@
     }
   ],
   "require": {
-    "php": ">=5.6.0",
+    "php": ">=7.2.0",
     "psr/http-message": "^1.0",
     "psr/log": "^1.0",
-    "illuminate/http": "^5.1",
-    "neomerx/cors-psr7": "^1.0"
+    "illuminate/http": "^6.0",
+    "neomerx/cors-psr7": "^2.0"
   },
   "require-dev": {
-    "phpunit/phpunit": "^5.7",
-    "mockery/mockery": "^0.9.4",
-    "scrutinizer/ocular": "^1.1",
-    "phpmd/phpmd": "^2.6",
+    "phpunit/phpunit": "^8.0",
+    "mockery/mockery": "^1.3",
+    "scrutinizer/ocular": "^1.7",
+    "phpmd/phpmd": "^2.8",
     "squizlabs/php_codesniffer": "^3.0"
   },
   "minimum-stability": "stable",

config/cors-illuminate.php

@@ -1,4 +1,4 @@
-<?php
+<?php declare(strict_types = 1);
 
 use \Neomerx\CorsIlluminate\Settings\Settings as S;
 
@@ -20,22 +20,16 @@
     ],
 
     /**
-     * A list of allowed request origins (lower-cased, no trail slashes).
-     * Value `true` enables and value `null` disables origin.
+     * A list of allowed request origins (no trail slashes).
      * If value is not on the list it is considered as not allowed.
-     * Environment variables could be used for enabling/disabling certain hosts.
+     * If you want to allow all origins remove/comment this section.
      */
     S::KEY_ALLOWED_ORIGINS => [
-        'http://localhost'         => true,
-        'http://some.disabled.com' => null,
-        // Enabling all origins might be insecure. Consider before using in production.
-        S::VALUE_ALLOW_ORIGIN_ALL  => null,
+        'http://localhost',
     ],
 
     /**
-     * A list of allowed request methods (case sensitive). Value `true` enables and value `null` disables method.
-     * If value is not on the list it is considered as not allowed.
-     * Environment variables could be used for enabling/disabling certain methods.
+     * A list of allowed request methods. * If value is not on the list it is considered as not allowed.
      *
      * Security Note: you have to remember CORS is not access control system and you should not expect all cross-origin
      * requests will have pre-flights. For so-called 'simple' methods with so-called 'simple' headers request
@@ -46,17 +40,15 @@
      * You can read more on 'simple' methods at http://www.w3.org/TR/cors/#simple-method
      */
     S::KEY_ALLOWED_METHODS => [
-        'GET'    => true,
-        'PATCH'  => true,
-        'POST'   => true,
-        'PUT'    => true,
-        'DELETE' => true,
+        'GET',
+        'PATCH',
+        'POST',
+        'PUT',
+        'DELETE',
     ],
 
     /**
-     * A list of allowed request headers (lower-cased). Value `true` enables and value `null` disables header.
-     * If value is not on the list it is considered as not allowed.
-     * Environment variables could be used for enabling/disabling certain headers.
+     * A list of allowed request headers. If value is not on the list it is considered as not allowed.
      *
      * Security Note: you have to remember CORS is not access control system and you should not expect all cross-origin
      * requests will have pre-flights. For so-called 'simple' methods with so-called 'simple' headers request
@@ -67,28 +59,14 @@
      * You can read more on 'simple' headers at http://www.w3.org/TR/cors/#simple-header
      */
     S::KEY_ALLOWED_HEADERS => [
-        'content-type'             => null,
-        'x-custom-request-header'  => null,
-        // Enabling all headers might be insecure. Not recommended to use in production.
-        S::VALUE_ALLOW_ALL_HEADERS => null,
+        'Content-Type',
     ],
 
     /**
      * A list of headers (case insensitive) which will be made accessible to user agent (browser) in response.
-     * Value `true` enables and value `null` disables header.
-     * If value is not on the list it is considered as not allowed.
-     * Environment variables could be used for enabling/disabling certain headers.
-     *
-     * For example,
-     *
-     * public static $exposedHeaders = [
-     *     'content-type'             => true,
-     *     'x-custom-response-header' => null,
-     * ];
      */
     S::KEY_EXPOSED_HEADERS => [
-        'content-type'             => null,
-        'x-custom-response-header' => null,
+        'Content-Type',
     ],
 
     /**

phpunit.xml

@@ -1,30 +1,30 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phpunit bootstrap="./vendor/autoload.php"
-		 backupGlobals="false"
-		 backupStaticAttributes="false"
-		 colors="true"
-		 verbose="true"
-		 convertErrorsToExceptions="true"
-		 convertNoticesToExceptions="true"
-		 convertWarningsToExceptions="true"
-		 processIsolation="false"
-		 stopOnFailure="false"
-		 syntaxCheck="true">
-	<testsuites>
-		<testsuite name="All">
-			<directory>./tests/</directory>
-		</testsuite>
-	</testsuites>
-	<filter>
-		<whitelist>
-			<directory suffix=".php">src/</directory>
-		</whitelist>
-	</filter>
-	<!--logging>
-		<log type="tap" target="build/report.tap"/>
-		<log type="junit" target="build/report.junit.xml"/>
-		<log type="coverage-html" target="build/coverage" charset="UTF-8" yui="true" highlight="true"/>
-		<log type="coverage-text" target="build/coverage.txt"/>
-		<log type="coverage-clover" target="build/clover.xml"/>
-	</logging-->
-</phpunit>
+         backupGlobals="false"
+         backupStaticAttributes="false"
+         colors="true"
+         verbose="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         cacheResult="false">
+    <testsuites>
+        <testsuite name="All">
+            <directory>./tests/</directory>
+        </testsuite>
+    </testsuites>
+    <filter>
+        <whitelist>
+            <directory suffix=".php">src/</directory>
+        </whitelist>
+    </filter>
+    <!--logging>
+        <log type="tap" target="build/report.tap"/>
+        <log type="junit" target="build/report.junit.xml"/>
+        <log type="coverage-html" target="build/coverage" charset="UTF-8" yui="true" highlight="true"/>
+        <log type="coverage-text" target="build/coverage.txt"/>
+        <log type="coverage-clover" target="build/clover.xml"/>
+    </logging-->
+</phpunit>

src/Adapters/IlluminateRequestToPsr7.php

@@ -1,7 +1,9 @@
-<?php namespace Neomerx\CorsIlluminate\Adapters;
+<?php declare(strict_types = 1);
+
+namespace Neomerx\CorsIlluminate\Adapters;
 
 /**
- * Copyright 2015-2019 info@neomerx.com
+ * Copyright 2015-2020 info@neomerx.com
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,11 +18,11 @@
  * limitations under the License.
  */
 
-use \LogicException;
-use \Illuminate\Http\Request;
-use \Psr\Http\Message\UriInterface;
-use \Psr\Http\Message\StreamInterface;
-use \Psr\Http\Message\RequestInterface;
+use Illuminate\Http\Request;
+use LogicException;
+use Psr\Http\Message\RequestInterface;
+use Psr\Http\Message\StreamInterface;
+use Psr\Http\Message\UriInterface;
 
 /**
  * This class is a wrapper for Laravel/Lumen Requests to PSR-7 compatible objects designed specifically for