Initial commit of the module code to GitHub

Author: thaddeusmt

Api/CorsCheckInterface.php

@@ -0,0 +1,24 @@
+<?php
+
+/**
+ * @copyright  Copyright 2017 SplashLab
+ */
+
+namespace SplashLab\CorsRequests\Api;
+
+/**
+ * Interface CorsCheckInterface
+ * @api
+ * @package SplashLab\CorsRequests\Api
+ */
+interface CorsCheckInterface
+{
+
+    /**
+     * Return empty body response
+     *
+     * @return string
+     */
+    public function check();
+
+}

Model/CorsCheck.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * @copyright  Copyright 2017 SplashLab
+ */
+
+namespace SplashLab\CorsRequests\Model;
+
+use SplashLab\CorsRequests\Api\CorsCheckInterface;
+
+/**
+ * Class CorsCheck
+ * @package SplashLab\CorsRequests\Model
+ */
+class CorsCheck implements CorsCheckInterface
+{
+
+    /**
+     * Initialize dependencies.
+     *
+     * @param \Magento\Framework\Webapi\Rest\Response $response
+     * @param \Magento\Framework\App\Config\ScopeConfigInterface scopeConfig
+     */
+    public function __construct(
+        \Magento\Framework\Webapi\Rest\Response $response,
+        \Magento\Framework\Webapi\Rest\Request $request
+    ) {
+        $this->response = $response;
+        $this->request = $request;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function check()
+    {
+        // respond to OPTIONS request with appropriate headers
+        $this->response->setHeader('Access-Control-Allow-Methods', $this->request->getHeader('Access-Control-Request-Method'), true);
+        $this->response->setHeader('Access-Control-Allow-Headers', $this->request->getHeader('Access-Control-Request-Headers'), true);
+        return '';
+    }
+
+}

Plugin/CorsHeadersPlugin.php

@@ -0,0 +1,85 @@
+<?php
+
+/**
+ * @copyright  Copyright 2017 SplashLab
+ */
+
+namespace SplashLab\CorsRequests\Plugin;
+
+use Magento\Framework\App\FrontControllerInterface;
+use Magento\Framework\App\RequestInterface;
+
+/**
+ * Class CorsHeadersPlugin
+ *
+ * @package SplashLab\CorsRequests
+ */
+class CorsHeadersPlugin
+{
+
+    /**
+     * @var \Magento\Framework\Webapi\Rest\Response
+     */
+    private $response;
+
+    /**
+     * @var \Magento\Framework\App\Config\ScopeConfigInterface
+     */
+    private $scopeConfig;
+
+    /**
+     * Initialize dependencies.
+     *
+     * @param \Magento\Framework\Webapi\Rest\Response $response
+     * @param \Magento\Framework\App\Config\ScopeConfigInterface scopeConfig
+     */
+    public function __construct(
+        \Magento\Framework\Webapi\Rest\Response $response,
+        \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig
+    ) {
+        $this->response = $response;
+        $this->scopeConfig = $scopeConfig;
+    }
+
+    /**
+     * Get the origin domain the requests are going to come from
+     * @return string
+     */
+    protected function getOriginUrl()
+    {
+        return $this->scopeConfig->getValue('corsRequests/general/origin_url',
+            \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
+    }
+
+    /**
+     * Get the origin domain the requests are going to come from
+     * @return string
+     */
+    protected function getAllowCredentials()
+    {
+        return (bool) $this->scopeConfig->getValue('corsRequests/general/allow_credentials',
+            \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
+    }
+
+    /**
+     * Triggers before original dispatch
+     * This method triggers before original \Magento\Webapi\Controller\Rest::dispatch and set version
+     * from request params to VersionManager instance
+     * @param FrontControllerInterface $subject
+     * @param RequestInterface $request
+     * @return void
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function beforeDispatch(
+        FrontControllerInterface $subject,
+        RequestInterface $request
+    ) {
+        if ($originUrl = $this->getOriginUrl()) {
+            $this->response->setHeader('Access-Control-Allow-Origin', rtrim($originUrl,"/"), true);
+            if ($this->getAllowCredentials()) {
+                $this->response->setHeader('Access-Control-Allow-Credentials', 'true', true);
+            }
+        }
+    }
+
+}

Plugin/CorsRequestMatchPlugin.php

@@ -0,0 +1,94 @@
+<?php
+
+/**
+ * @copyright  Copyright 2017 SplashLab
+ */
+
+namespace SplashLab\CorsRequests\Plugin;
+
+use Magento\Framework\Webapi\Rest\Request;
+use Magento\Webapi\Controller\Rest\Router;
+
+/**
+ * Class CorsRequestMatchPlugin
+ *
+ * @package SplashLab\CorsRequests
+ */
+class CorsRequestMatchPlugin
+{
+
+    /**
+     * @var \Magento\Framework\Webapi\Rest\Request
+     */
+    private $request;
+
+    /**
+     * @var \Magento\Framework\Controller\Router\Route\Factory
+     */
+    protected $routeFactory;
+
+    /**
+     * Initialize dependencies.
+     *
+     * @param \Magento\Framework\Webapi\Rest\Request $request
+     * @param \Magento\Framework\Controller\Router\Route\Factory $routeFactory
+     */
+    public function __construct(
+        \Magento\Framework\Webapi\Rest\Request $request,
+        \Magento\Framework\Controller\Router\Route\Factory $routeFactory
+    ) {
+        $this->request = $request;
+        $this->routeFactory = $routeFactory;
+    }
+
+    /**
+     * Generate the list of available REST routes. Current HTTP method is taken into account.
+     *
+     * @param \Magento\Webapi\Model\Rest\Config $subject
+     * @param $proceed
+     * @param Request $request
+     * @return \Magento\Webapi\Controller\Rest\Router\Route
+     * @throws \Magento\Framework\Webapi\Exception
+     */
+    public function aroundMatch(
+        Router $subject,
+        callable $proceed,
+        Request $request
+    )
+    {
+        try {
+            $returnValue = $proceed($request);
+        } catch (\Magento\Framework\Webapi\Exception $e) {
+            $requestHttpMethod = $this->request->getHttpMethod();
+            if ($requestHttpMethod == 'OPTIONS') {
+                return $this->createRoute();
+            } else {
+                throw $e;
+            }
+        }
+        return $returnValue;
+    }
+
+    /**
+     * Create route object to the placeholder CORS route.
+     *
+     * @return \Magento\Webapi\Controller\Rest\Router\Route
+     */
+    protected function createRoute()
+    {
+        /** @var $route \Magento\Webapi\Controller\Rest\Router\Route */
+        $route = $this->routeFactory->createRoute(
+            'Magento\Webapi\Controller\Rest\Router\Route',
+            '/V1/cors/check'
+        );
+
+        $route->setServiceClass('SplashLab\CorsRequests\Api\CorsCheckInterface')
+            ->setServiceMethod('check')
+            ->setSecure(false)
+            ->setAclResources(['anonymous'])
+            ->setParameters([]);
+
+        return $route;
+    }
+
+}

Plugin/CorsRequestOptionsPlugin.php

@@ -0,0 +1,36 @@
+<?php
+
+/**
+ * @copyright  Copyright 2017 SplashLab
+ */
+
+namespace SplashLab\CorsRequests\Plugin;
+
+use Magento\Framework\Webapi\Request;
+
+/**
+ * Class CorsRequestOptionsPlugin
+ *
+ * @package SplashLab\CorsRequests
+ */
+class CorsRequestOptionsPlugin
+{
+
+    /**
+     * Triggers before original dispatch
+     * Allow Options requests from jQuery AJAX
+     *
+     * @param Request $subject
+     * @return void
+     * @throws \Magento\Framework\Exception\InputException
+     */
+    public function aroundGetHttpMethod(
+        Request $subject
+    ) {
+        if (!$subject->isGet() && !$subject->isPost() && !$subject->isPut() && !$subject->isDelete() && !$subject->isOptions()) {
+            throw new \Magento\Framework\Exception\InputException(new Phrase('Request method is invalid.'));
+        }
+        return $subject->getMethod();
+    }
+
+}

README.md

@@ -0,0 +1,63 @@
+# Magento 2 CORS Cross-Domain Requests by SplashLab
+
+This module allows you to enable Cross-Origin Resource Sharing (CORS) REST API requests in Magento 2 by adding the appropriate HTTP headers and handling the pre-flight OPTIONS requests.
+
+This can be used to allow AJAX and other requests to the Magento 2 REST API from another domain (or subdomain). 
+
+## How to install
+
+### 1. via composer
+
+```
+composer require splashlab/magento-2-cors-requests
+php bin/magento setup:upgrade
+php bin/magento setup:static-content:deploy
+```
+
+### 2. Copy and paste
+
+Download latest version from GitHub
+
+Paste into `app/code/SplashLab/CorsRequests` directory
+
+```
+php bin/magento setup:upgrade
+php bin/magento setup:static-content:deploy
+```
+
+## How does it work?
+
+The full implementation of CORS cross-domain HTTP requests is outside the scope of this README, but this is what this module does:
+
+1. Allows onfigureing an Origin Url in the Admin Configuration area - this is the domain which cross-domain requests are permitted from
+2. This domain is added to a `Access-Control-Allow-Origin` response HTTP header
+3. Optionally you can enable the `Access-Control-Allow-Credentials` header as well, to enable passing cookies
+
+For non-GET and non-standard-POST requests (i.e. PUT and DELETE), the "pre-flight check" OPTIONS request is handled by:
+
+1. An empty `/V1/cors/check` API response with the appropriate headers:
+2. `Access-Control-Allow-Methods` response header, which mirrors the `Access-Control-Request-Method` request header
+3. `Access-Control-Allow-Headers` response header, which mirrors the `Access-Control-Request-Headers` request header
+
+### Alternative Solutions
+
+You can also manage these CORS headers with Apache and Nginx rules, instead of using this extension:
+
+- https://community.magento.com/t5/Magento-2-Feature-Requests-and/API-CORS-requests-will-fail-without-OPTIONS-reponse/idi-p/60551
+- https://stackoverflow.com/questions/35174585/how-to-add-cors-cross-origin-policy-to-all-domains-in-nginx
+
+But I created this extension to allow you to configure the Origin domain the Admin Configuration, and to avoid having to create and manage special server configuration.
+
+## CORS Cross-Domain Request References
+
+Not only can you create unlimited sliders but Product Slider module also allows placing the sliders like content or sidebar additional at the top or bottom of any page on your website flexibly. The options you can put the sliders are:
+
+- https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
+- https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+- https://www.html5rocks.com/en/tutorials/cors/
+- https://stackoverflow.com/questions/29954037/how-to-disable-options-request
+- https://stackoverflow.com/questions/12320467/jquery-cors-content-type-options
+
+
+
+

composer.json

@@ -0,0 +1,21 @@
+{
+    "name": "splashlab/cors-requests",
+    "description": "N/A",
+    "require": {
+        "php": "~5.6.5|7.0.2|7.0.4|~7.0.6"
+    },
+    "type": "magento2-module",
+    "version": "100.0.1",
+    "license": [
+        "OSL-3.0",
+        "AFL-3.0"
+    ],
+    "autoload": {
+        "files": [
+            "registration.php"
+        ],
+        "psr-4": {
+            "SplashLab\\CorsRequests\\": ""
+        }
+    }
+}

etc/acl.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
+    <acl>
+        <resources>
+            <resource id="Magento_Backend::admin">
+                <resource id="Magento_Backend::stores">
+                    <resource id="Magento_Backend::stores_settings">
+                        <resource id="Magento_Config::config">
+                            <resource id="SplashLab_CorsRequests::config" title="CORS Request Configuration" sortOrder="50"/>
+                        </resource>
+                    </resource>
+                </resource>
+            </resource>
+        </resources>
+    </acl>
+</config>