New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[HttpFoundation] Add an helper method to check if a request is a CORS preflight request #34391
Conversation
… preflight request
There is no such distinction between CORS (preflight) / non-CORS Any distinction we try to make is arbitrary and contrary to the spec. |
@teohhanhui that’s wrong. Preflight requests are explicitly specified in the WHATWG’s CORS standard: https://fetch.spec.whatwg.org/#http-requests See also https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request |
*/ | ||
public function isCorsPreflightRequest(): bool | ||
{ | ||
return $this->isMethod('OPTIONS') && $this->headers->has('Access-Control-Request-Method'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would it make sense to also check for Origin
and Access-Control-Request-Headers
?
Maybe the whole CORS spec should be implemented in a separate class. The Request class contains already a lot of methods and I think it becomes complex. |
I'm 👎 on adding yet another specific method on Request. |
Add a new method to check if a request is a CORS preflight request according to the CORS spec.
It's useful in many cases (see api-platform/core#3265), and will allow to remove code from API Platform and NelmioCorsBundle.