fix(cors) Update cors configuration

meeio-app · Dec 1, 2024 · 9f56e38 · 9f56e38
1 parent eb72ffd
commit 9f56e38
Show file tree

Hide file tree

Showing 10 changed files with 215 additions and 223 deletions.
diff --git a/.env.example b/.env.example
@@ -3,7 +3,7 @@ APP_ENV=dev
 APP_SECRET=ChangeMe
 MAILER_DSN="smtp://mailer:25"
 DATABASE_URL="postgresql://user:password@database:5432/flashcard?serverVersion=16.4&charset=utf8"
-CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
+CORS_ALLOW_ORIGIN='http://localhost:3000'
 MESSENGER_TRANSPORT_DSN=doctrine://default?auto_setup=0
 NOREPLY_SENDER=noreply@example.com
 LOCK_DSN=flock

diff --git a/.env.test b/.env.test
@@ -3,7 +3,7 @@ APP_SECRET=ChangeMe
 KERNEL_CLASS='App\Kernel'
 SYMFONY_DEPRECATIONS_HELPER=999999
 DATABASE_URL="postgresql://user:password@database:5432/flashcard?serverVersion=16.4&charset=utf8"
-CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
+CORS_ALLOW_ORIGIN='http://localhost:3000'
 MAILER_DSN=smtp://localhost
 MESSENGER_TRANSPORT_DSN=null
 LOCK_DSN=flock
diff --git a/composer.json b/composer.json
@@ -13,7 +13,7 @@
         "doctrine/doctrine-bundle": "*",
         "doctrine/doctrine-migrations-bundle": "^3.2",
         "doctrine/orm": "*",
-        "nelmio/cors-bundle": "^2.3",
+        "nelmio/cors-bundle": "^2.5",
         "phpdocumentor/reflection-docblock": "^5.3",
         "phpstan/phpdoc-parser": "^1.23",
         "symfony/console": "6.4.*",

diff --git a/composer.lock b/composer.lock
diff --git a/config/packages/nelmio_cors.yaml b/config/packages/nelmio_cors.yaml
@@ -1,10 +1,14 @@
 nelmio_cors:
     defaults:
-        origin_regex: true
+        origin_regex: false
         allow_origin: ["%env(CORS_ALLOW_ORIGIN)%"]
         allow_methods: ["GET", "POST", "PUT", "PATCH", "DELETE"]
-        allow_headers: ["Content-Type", "Authorization"]
-        expose_headers: ["Link"]
+        allow_headers: ["Authorization", "Accept"]
         max_age: 3600
     paths:
-        "^/": null
+        "^/":
+            origin_regex: false
+            allow_origin: ["%env(CORS_ALLOW_ORIGIN)%"]
+            allow_methods: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+            allow_headers: ["Authorization", "Accept"]
+            max_age: 3600
diff --git a/src/Controller/TestController.php b/src/Controller/TestController.php
@@ -6,33 +6,17 @@
 
 use App\Attribute\RelativeToEntity;
 use App\Entity\Topic;
-use App\Entity\Unit;
-use App\Modifier\Modifier;
-use App\Modifier\Transformer\EntityByIdTransformer;
 use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Attribute\Route;
 
 #[Route('/api/_internal', name: 'api_', format: 'json')]
 #[RelativeToEntity(Topic::class)]
 class TestController extends AbstractRestController
 {
     #[Route('/test', name: 'test')]
-    public function index(): JsonResponse
+    public function index(Request $request): JsonResponse
     {
-        $entity = $this->decodeBody(
-            classname: Unit::class,
-            strict: false,
-            deserializationGroups: ['write:unit:user'],
-            transformers: [
-                new Modifier('topic', EntityByIdTransformer::class, [
-                    'entity' => Topic::class,
-                ]),
-            ],
-            validationGroups: null
-        );
-
-        dd($entity);
-
-        return $this->json($entity, context: ['groups' => ['read:user:user']]);
+        return $this->json(null);
     }
 }
diff --git a/src/DataFixtures/FlashcardFixtures.php b/src/DataFixtures/FlashcardFixtures.php
@@ -19,7 +19,7 @@ public static function getGroups(): array
         return ['all'];
     }
 
-    public function getDependencies()
+    public function getDependencies(): array
     {
         return [
             UnitFixtures::class,

diff --git a/src/DataFixtures/TopicFixtures.php b/src/DataFixtures/TopicFixtures.php
@@ -19,7 +19,7 @@ public static function getGroups(): array
         return ['all'];
     }
 
-    public function getDependencies()
+    public function getDependencies(): array
     {
         return [
             UserFixtures::class,

diff --git a/src/DataFixtures/UnitFixtures.php b/src/DataFixtures/UnitFixtures.php
@@ -19,7 +19,7 @@ public static function getGroups(): array
         return ['all'];
     }
 
-    public function getDependencies()
+    public function getDependencies(): array
     {
         return [
             TopicFixtures::class,

diff --git a/src/EventSubscriber/ResponseSubscriber.php b/src/EventSubscriber/ResponseSubscriber.php
@@ -18,6 +18,11 @@ class ResponseSubscriber implements EventSubscriberInterface
     public function onKernelResponse(ResponseEvent $event): void
     {
         $initialRequest = $event->getRequest();
+
+        // if (!\in_array($initialRequest->getMethod(), ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'])) {
+        //     return;
+        // }
+
         $initialResponse = $event->getResponse();
 
         // Enabled only for project routes, not symfony routes like the profiler