Merge remote-tracking branch 'alex88/patch-1'

nelmio · Oct 29, 2013 · 81140d6 · 81140d6
2 parents b9b85b1 + 9858af8
commit 81140d6
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/EventListener/CorsListener.php b/EventListener/CorsListener.php
@@ -56,7 +56,7 @@ public function onKernelRequest(GetResponseEvent $event)
         $request = $event->getRequest();
 
         // skip if not a CORS request
-        if (!$request->headers->has('Origin')) {
+        if (!$request->headers->has('Origin') || $request->headers->get('Origin') == $request->getSchemeAndHttpHost()) {
             return;
         }
 

diff --git a/Tests/CorsListenerTest.php b/Tests/CorsListenerTest.php
@@ -92,4 +92,26 @@ public function testPreflightedRequest()
         $this->assertEquals(null, $resp->headers->get('Access-Control-Allow-Methods'));
         $this->assertEquals(null, $resp->headers->get('Access-Control-Allow-Headers'));
     }
+
+    public function testSameHostRequest()
+    {
+        // Request with same host as origin
+        $config = array('/foo' => array(
+            'allow_origin' => array(),
+            'allow_headers' => array('foo', 'bar'),
+            'allow_methods' => array('POST', 'PUT'),
+        ));
+
+        $req = Request::create('/foo', 'POST');
+        $req->headers->set('Host', 'example.com');
+        $req->headers->set('Origin', 'http://example.com');
+
+        $callback = null;
+        $dispatcher = m::mock('Symfony\Component\EventDispatcher\EventDispatcherInterface');
+
+        $event = new GetResponseEvent(m::mock('Symfony\Component\HttpKernel\HttpKernelInterface'), $req, HttpKernelInterface::MASTER_REQUEST);
+        $this->getListener($config, array(), $dispatcher)->onKernelRequest($event);
+
+        $this->assertNull($event->getResponse());
+    }
 }