Lumen 5.2?

[Malraoosh]

I just upgrade to the latest version of lumen and when i use postman to test my work i get this error:

[2016-04-26 12:39:41] lumen.DEBUG: CORS analysis for request started.  
[2016-04-26 12:39:41] lumen.ERROR: exception 'ErrorException' with message 'Undefined offset: 9' in /share/vendor/neomerx/cors-psr7/src/Strategies/Settings.php:344
Stack trace:
#0 /share/vendor/neomerx/cors-psr7/src/Strategies/Settings.php(344): Laravel\Lumen\Application->Laravel\Lumen\Concerns\{closure}(8, 'Undefined offse...', '/share/vendor/n...', 344, Array)
#1 /share/vendor/neomerx/cors-psr7/src/Analyzer.php(132): Neomerx\Cors\Strategies\Settings->isCheckHost()
#2 /share/vendor/neomerx/cors-psr7/src/Analyzer.php(115): Neomerx\Cors\Analyzer->analyzeImplementation(Object(Neomerx\CorsIlluminate\Adapters\IlluminateRequestToPsr7))
#3 /share/vendor/neomerx/cors-illuminate/src/CorsMiddleware.php(116): Neomerx\Cors\Analyzer->analyze(Object(Neomerx\CorsIlluminate\Adapters\IlluminateRequestToPsr7))
#4 /share/vendor/neomerx/cors-illuminate/src/CorsMiddleware.php(63): Neomerx\CorsIlluminate\CorsMiddleware->getCorsAnalysis(Object(Illuminate\Http\Request))
#5 [internal function]: Neomerx\CorsIlluminate\CorsMiddleware->handle(Object(Illuminate\Http\Request), Object(Closure))
#6 /share/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array)
#7 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request))
#8 /share/vendor/laravel/lumen-framework/src/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#9 [internal function]: Laravel\Lumen\Routing\Pipeline->Laravel\Lumen\Routing\{closure}(Object(Illuminate\Http\Request))
#10 /share/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request))
#11 /share/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(626): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#12 /share/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(382): Laravel\Lumen\Application->sendThroughPipeline(Array, Object(Closure))
#13 /share/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(327): Laravel\Lumen\Application->dispatch(NULL)
#14 /share/public/index.php(28): Laravel\Lumen\Application->run()
#15 /share/vendor/mlntn/lumen-artisan-serve/src/server.php(21): require_once('/share/public/i...')
#16 {main}  

does cors-illuminate support lumen 5.2?

[neomerx]

yes, it does. I recently updated CORS package so it might be related.

[neomerx]

what version do you use (from composer.json)?

[neomerx]

I also need your copy of config file for CORS

[Malraoosh]

"neomerx/cors-illuminate": "^1.1",

---

---

<?php

use \Neomerx\CorsIlluminate\Settings\Settings;


if (env('APP_ENV')== 'local')
{
    $key_allowed_origin= [
        'http://docker_machine:9900' => true,
        'http://docker_machine' => true,
        'chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop' => true
    ];
}
else
{
    $key_allowed_origin= [];
}

return [

    /**
     * If CORS handling should be logged. Debugging feature.
     */
    Settings::KEY_LOGS_ENABLED  => env('APP_ENV')== 'local',

    /**
     * Could be string or array. If specified as array (recommended for better performance) it should
     * be in parse_url() result format.
     */
    Settings::KEY_SERVER_ORIGIN => [
        'scheme' => 'http',
        'host'   => '192.168.99.100',
        'port'   => 9907,
    ],

    /**
     * A list of allowed request origins (lower-cased, no trail slashes).
     * Value `true` enables and value `null` disables origin.
     * If value is not on the list it is considered as not allowed.
     * Environment variables could be used for enabling/disabling certain hosts.
     *
     * 'http://some.disabled.com' => null,
     */


    Settings::KEY_ALLOWED_ORIGINS => $key_allowed_origin,

    /**
     * A list of allowed request methods (case sensitive). Value `true` enables and value `null` disables method.
     * If value is not on the list it is considered as not allowed.
     * Environment variables could be used for enabling/disabling certain methods.
     *
     * Security Note: you have to remember CORS is not access control system and you should not expect all cross-origin
     * requests will have pre-flights. For so-called 'simple' methods with so-called 'simple' headers request
     * will be made without pre-flight. Thus you can not restrict such requests with CORS and should use other means.
     * For example method 'GET' without any headers or with only 'simple' headers will not have pre-flight request so
     * disabling it will not restrict access to resource(s).
     *
     * You can read more on 'simple' methods at http://www.w3.org/TR/cors/#simple-method
     */
    Settings::KEY_ALLOWED_METHODS => [
        'GET'    => true,
        'PATCH'  => false,
        'POST'   => false,
        'PUT'    => false,
        'DELETE' => false,
    ],

    /**
     * A list of allowed request headers (lower-cased). Value `true` enables and value `null` disables header.
     * If value is not on the list it is considered as not allowed.
     * Environment variables could be used for enabling/disabling certain headers.
     *
     * Security Note: you have to remember CORS is not access control system and you should not expect all cross-origin
     * requests will have pre-flights. For so-called 'simple' methods with so-called 'simple' headers request
     * will be made without pre-flight. Thus you can not restrict such requests with CORS and should use other means.
     * For example method 'GET' without any headers or with only 'simple' headers will not have pre-flight request so
     * disabling it will not restrict access to resource(s).
     *
     * You can read more on 'simple' headers at http://www.w3.org/TR/cors/#simple-header
     */
    Settings::KEY_ALLOWED_HEADERS => [
        'accept' => true,
        'x-csrf-token' => true,
    ],

    /**
     * A list of headers (case insensitive) which will be made accessible to user agent (browser) in response.
     * Value `true` enables and value `null` disables header.
     * If value is not on the list it is considered as not allowed.
     * Environment variables could be used for enabling/disabling certain headers.
     *
     * For example,
     *
     * public static $exposedHeaders = [
     *     'content-type'             => true,
     *     'x-custom-response-header' => null,
     * ];
     */
    Settings::KEY_EXPOSED_HEADERS => [
        'content-type'             => null,
        'x-custom-response-header' => null,
    ],

    /**
     * If access with credentials is supported by the resource.
     */
    Settings::KEY_IS_USING_CREDENTIALS => false,

    /**
     * Pre-flight response cache max period in seconds.
     */
    Settings::KEY_PRE_FLIGHT_MAX_AGE => 0,

];

[neomerx]

Settings also support a few more config options. One of them is required so it fails

    /**
     * If allowed methods should be added to pre-flight response when 'simple' method is requested.
     */
    Settings::KEY_FORCE_ADD_METHODS => false,

    /**
     * If allowed headers should be added when request headers are 'simple' and
     * non of them is 'Content-Type'.
     */
    Settings::KEY_IS_FORCE_ADD_HEADERS => false,

    /**
     * If request 'Host' header should be checked against server's origin.
     */
    Settings::KEY_CHECK_HOST_HEADER => false,

I'm preparing a new version which will adds ability to get/set all settings at once (for caching). Settings will be very similar though some config keys would have slightly different names. For this reason it will be v2.0. I also add default values if some config options are not given as in your case.

[neomerx]

you can find them in the updated config file

[Malraoosh]

Thanks :);

[neomerx]

added default values in config so some options could be removed