CORSMiddleware¶

class OC\AppFramework\Middleware\Security\CORSMiddleware¶

This middleware sets the correct CORS headers on a response if the
controller has the @CORS annotation. This is needed for webapps that want
to access an API and don’t run on the same domain, see
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

Source:	lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#47
Parent:	`OCP\AppFramework\Middleware`

Properties¶

Methods¶

public OC\AppFramework\Middleware\Security\CORSMiddleware::__construct($request, $reflector, $session, $throttler)¶

Source:	lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#63
Parameters:	$request (`OCP\IRequest`) $reflector (`OC\AppFramework\Utility\ControllerMethodReflector`) $session (`OC\User\Session`) $throttler (`OC\Security\Bruteforce\Throttler`)

public OC\AppFramework\Middleware\Security\CORSMiddleware::beforeController($controller, $methodName)¶

This is being run in normal order before the controller is being

called which allows several modifications and checks

Source:	lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#83
Parameters:	$controller (`OCP\AppFramework\Controller`) the controller that is being called $methodName (string) the name of the method that will be called on the controller
Throws:	`\OC\AppFramework\Middleware\Security\Exceptions\SecurityException`
Since:	6.0.0

public OC\AppFramework\Middleware\Security\CORSMiddleware::afterController($controller, $methodName, $response)¶

This is being run after a successful controllermethod call and allows

the manipulation of a Response object. The middleware is run in reverse order

Source:	lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#113
Parameters:	$controller (`OCP\AppFramework\Controller`) the controller that is being called $methodName (string) the name of the method that will be called on the controller * $response (`OCP\AppFramework\Http\Response`) the generated response from the controller
Returns:	`\OCP\AppFramework\Http\Response` a Response object
Throws:	`\OC\AppFramework\Middleware\Security\Exceptions\SecurityException`

public OC\AppFramework\Middleware\Security\CORSMiddleware::afterException($controller, $methodName, $exception)¶

If an SecurityException is being caught return a JSON error response

Source:	lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#146
Parameters:	$controller (`OCP\AppFramework\Controller`) the controller that is being called $methodName (string) the name of the method that will be called on the controller * $exception (`Exception`) the thrown exception
Throws:	`\Exception` the passed in exception if it can’t handle it
Returns:	`\OCP\AppFramework\Http\Response` a Response object or null in case that the exception could not be handled