Skip to content

Commit acf3142

Browse files
barryvdhbarryvdh
authored
Check and save multiple Vary Headers (#108)
Test all Vary Headers for existing and don't replace when multiple
1 parent 75203c1 commit acf3142

File tree

2 files changed

+77
-4
lines changed

2 files changed

+77
-4
lines changed

src/CorsService.php

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -209,10 +209,13 @@ private function configureMaxAge(Response $response, Request $request)
209209

210210
public function varyHeader(Response $response, $header): Response
211211
{
212-
if (!$response->headers->has('Vary')) {
213-
$response->headers->set('Vary', $header);
214-
} elseif (!in_array($header, explode(', ', $response->headers->get('Vary')))) {
215-
$response->headers->set('Vary', $response->headers->get('Vary') . ', ' . $header);
212+
$vary = $response->getVary();
213+
if (!in_array($header, $vary, true)) {
214+
if (count($response->headers->all('Vary')) === 1) {
215+
$response->setVary($response->headers->get('Vary') . ', ' . $header, true);
216+
} else {
217+
$response->setVary($header, false);
218+
}
216219
}
217220

218221
return $response;

tests/CorsTest.php

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -271,6 +271,76 @@ public function it_appends_an_existing_vary_header()
271271
$this->assertEquals('Content-Type, Origin', $response->headers->get('Vary'));
272272
}
273273

274+
275+
/**
276+
* @test
277+
* @see http://www.w3.org/TR/cors/index.html#resource-implementation
278+
*/
279+
public function it_doesnt_append_an_existing_vary_header_when_exists()
280+
{
281+
$app = $this->createStackedApp(
282+
array(
283+
'allowedOrigins' => ['*'],
284+
'supportsCredentials' => true,
285+
),
286+
array(
287+
'Vary' => 'Content-Type, Origin'
288+
)
289+
);
290+
$request = $this->createValidActualRequest();
291+
292+
$response = $app->handle($request);
293+
294+
$this->assertTrue($response->headers->has('Vary'));
295+
$this->assertEquals('Content-Type, Origin', $response->headers->get('Vary'));
296+
}
297+
298+
/**
299+
* @test
300+
* @see http://www.w3.org/TR/cors/index.html#resource-implementation
301+
*/
302+
public function it_appends_an_existing_vary_header_when_multiple()
303+
{
304+
$app = $this->createStackedApp(
305+
array(
306+
'allowedOrigins' => ['*'],
307+
'supportsCredentials' => true,
308+
),
309+
array(
310+
'Vary' => ['Content-Type', 'Referer'],
311+
)
312+
);
313+
$request = $this->createValidActualRequest();
314+
315+
$response = $app->handle($request);
316+
317+
$this->assertTrue($response->headers->has('Vary'));
318+
$this->assertEquals(['Content-Type' ,'Referer', 'Origin'], $response->headers->all('Vary'));
319+
}
320+
321+
/**
322+
* @test
323+
* @see http://www.w3.org/TR/cors/index.html#resource-implementation
324+
*/
325+
public function it_doesnt_append_an_existing_vary_header_when_exists_multiple()
326+
{
327+
$app = $this->createStackedApp(
328+
array(
329+
'allowedOrigins' => ['*'],
330+
'supportsCredentials' => true,
331+
),
332+
array(
333+
'Vary' => ['Content-Type', 'Referer', 'Origin'],
334+
)
335+
);
336+
$request = $this->createValidActualRequest();
337+
338+
$response = $app->handle($request);
339+
340+
$this->assertTrue($response->headers->has('Vary'));
341+
$this->assertEquals(['Content-Type' ,'Referer', 'Origin'], $response->headers->all('Vary'));
342+
}
343+
274344
/**
275345
* @test
276346
*/

0 commit comments

Comments
 (0)