Using multiple Access-Control-Allow-Methods and Access-Control-Allow-Headers only the last header value is used #10

@pjcarly

Hi,

I think I came across a bug in the D8 version: if, in the options, you pass multiple values for the Methods and/or the Headers, you only get the last value in the response.

For example, this configuration:
/api/*||GET, POST, PUT, PATCH, DELETE, OPTIONS|Content-Type, Authorization|true

In the response:

I would expect:

Access-Control-Allow-Headers →Content-Type, Authorization
Access-Control-Allow-Methods →GET, POST, PUT, PATCH, DELETE, OPTIONS

However I get this:

Access-Control-Allow-Headers →Authorization
Access-Control-Allow-Methods →OPTIONS

I think this is due to exploding the values on lines 104 and 107:
explode(',', trim($settings[2]));

and then looping over them on lines 122 through 124

foreach ($values as $value) {
  $response->headers->set($header, $value, TRUE);
}

Only the latest value will be preserved, as the previous ones are overwritten every time.

An easy solution would be changing lines 104 and 107 to:

$headers['OPTIONS']['Access-Control-Allow-Methods'] = array(trim($settings[1])); //104
$headers['OPTIONS']['Access-Control-Allow-Headers'] = array(trim($settings[2])); //107

Then I get my expected response.
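
The overwrite described in the report, reproduced as an added example that is not part of the original issue or the module's code. `DemoHeaderBag` is a hypothetical stand-in that mimics the replace semantics of Symfony's `HeaderBag::set()`, and the field layout of the configuration line is an assumption inferred from the indices quoted above.

```php
<?php
// Stand-in for Symfony's HeaderBag::set($key, $values, $replace = true) so the
// example runs without Drupal or Composer. DemoHeaderBag is a hypothetical name.
final class DemoHeaderBag {
  private array $headers = [];

  public function set(string $key, $values, bool $replace = TRUE): void {
    $key = strtolower($key);
    $values = array_values((array) $values);
    // With $replace = TRUE, whatever was stored for this header is discarded.
    $this->headers[$key] = ($replace || !isset($this->headers[$key]))
      ? $values
      : array_merge($this->headers[$key], $values);
  }

  public function line(string $key): string {
    return implode(', ', $this->headers[strtolower($key)] ?? []);
  }
}

// Behaviour described in the report: explode the list, then set() each piece.
function apply_per_value(DemoHeaderBag $bag, string $header, string $raw): void {
  foreach (explode(',', trim($raw)) as $value) {
    $bag->set($header, trim($value), TRUE);
  }
}

// Alternative: normalise the comma-separated list and set the header once.
function apply_joined(DemoHeaderBag $bag, string $header, string $raw): void {
  $tokens = array_filter(array_map('trim', explode(',', $raw)), 'strlen');
  $bag->set($header, implode(', ', $tokens), TRUE);
}

// Configuration line from the report. Assumed layout: the path is split off
// first, leaving origins|methods|headers|credentials as $settings[0..3].
$config = '/api/*||GET, POST, PUT, PATCH, DELETE, OPTIONS|Content-Type, Authorization|true';
[$path, $rest] = explode('|', $config, 2);
$settings = explode('|', $rest);

$fields = ['Access-Control-Allow-Methods' => $settings[1],
           'Access-Control-Allow-Headers' => $settings[2]];
foreach (['apply_per_value', 'apply_joined'] as $apply) {
  $bag = new DemoHeaderBag();
  foreach ($fields as $header => $raw) {
    $apply($bag, $header, $raw);
    echo "$apply  $header: ", $bag->line($header), PHP_EOL;
  }
}
```

Running it with the `php` CLI prints each header as produced by the per-value loop and by the single joined `set()` call, so the two preflight responses can be compared side by side.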
