CORSMiddleware

class OC\AppFramework\Middleware\Security\CORSMiddleware
This middleware sets the correct CORS headers on a response if the
controller has the @CORS annotation. This is needed for webapps that want
to access an API and don’t run on the same domain, see
Source:lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#47
Parent:OCP\AppFramework\Middleware

Properties

Methods

public OC\AppFramework\Middleware\Security\CORSMiddleware::__construct($request, $reflector, $session, $throttler)
Source:

lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#63

Parameters:
public OC\AppFramework\Middleware\Security\CORSMiddleware::beforeController($controller, $methodName)
This is being run in normal order before the controller is being
called which allows several modifications and checks
Source:

lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#83

Parameters:
  • $controller (OCP\AppFramework\Controller) the controller that is being called
  • $methodName (string) the name of the method that will be called on

the controller

Throws:

\OC\AppFramework\Middleware\Security\Exceptions\SecurityException

Since:

6.0.0

public OC\AppFramework\Middleware\Security\CORSMiddleware::afterController($controller, $methodName, $response)
This is being run after a successful controllermethod call and allows
the manipulation of a Response object. The middleware is run in reverse order
Source:

lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#113

Parameters:
  • $controller (OCP\AppFramework\Controller) the controller that is being called
  • $methodName (string) the name of the method that will be called on

the controller * $response (OCP\AppFramework\Http\Response) the generated response from the controller

Returns:

\OCP\AppFramework\Http\Response a Response object

Throws:

\OC\AppFramework\Middleware\Security\Exceptions\SecurityException

public OC\AppFramework\Middleware\Security\CORSMiddleware::afterException($controller, $methodName, $exception)
If an SecurityException is being caught return a JSON error response
Source:

lib/private/AppFramework/Middleware/Security/CORSMiddleware.php#146

Parameters:
  • $controller (OCP\AppFramework\Controller) the controller that is being called
  • $methodName (string) the name of the method that will be called on

the controller * $exception (Exception) the thrown exception

Throws:

\Exception the passed in exception if it can’t handle it

Returns:

\OCP\AppFramework\Http\Response a Response object or null in case that the exception could not be handled