├── Api
    └── CorsCheckInterface.php
├── LICENSE
├── Model
    └── CorsCheck.php
├── Plugin
    ├── CorsHeadersPlugin.php
    ├── CorsRequestMatchPlugin.php
    └── CorsRequestOptionsPlugin.php
├── README.md
├── composer.json
├── etc
    ├── acl.xml
    ├── adminhtml
    │   └── system.xml
    ├── config.xml
    ├── di.xml
    ├── module.xml
    └── webapi.xml
└── registration.php


/Api/CorsCheckInterface.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | /**
 4 |  * @copyright  Copyright 2017 SplashLab
 5 |  */
 6 | 
 7 | namespace SplashLab\CorsRequests\Api;
 8 | 
 9 | /**
10 |  * Interface CorsCheckInterface
11 |  * @api
12 |  * @package SplashLab\CorsRequests\Api
13 |  */
14 | interface CorsCheckInterface
15 | {
16 | 
17 |     /**
18 |      * Return empty body response
19 |      *
20 |      * @return string
21 |      */
22 |     public function check();
23 | 
24 | }


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | 
 2 | Open Software License ("OSL") v. 3.0
 3 | 
 4 | This Open Software License (the "License") applies to any original work of authorship (the "Original Work") whose owner (the "Licensor") has placed the following licensing notice adjacent to the copyright notice for the Original Work:
 5 | 
 6 | Licensed under the Open Software License version 3.0
 7 | 
 8 |    1. Grant of Copyright License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, for the duration of the copyright, to do the following:
 9 | 
10 |          1. to reproduce the Original Work in copies, either alone or as part of a collective work;
11 | 
12 |          2. to translate, adapt, alter, transform, modify, or arrange the Original Work, thereby creating derivative works ("Derivative Works") based upon the Original Work;
13 | 
14 |          3. to distribute or communicate copies of the Original Work and Derivative Works to the public, with the proviso that copies of Original Work or Derivative Works that You distribute or communicate shall be licensed under this Open Software License;
15 | 
16 |          4. to perform the Original Work publicly; and
17 | 
18 |          5. to display the Original Work publicly. 
19 | 
20 |    2. Grant of Patent License. Licensor grants You a worldwide, royalty-free, non-exclusive, sublicensable license, under patent claims owned or controlled by the Licensor that are embodied in the Original Work as furnished by the Licensor, for the duration of the patents, to make, use, sell, offer for sale, have made, and import the Original Work and Derivative Works.
21 | 
22 |    3. Grant of Source Code License. The term "Source Code" means the preferred form of the Original Work for making modifications to it and all available documentation describing how to modify the Original Work. Licensor agrees to provide a machine-readable copy of the Source Code of the Original Work along with each copy of the Original Work that Licensor distributes. Licensor reserves the right to satisfy this obligation by placing a machine-readable copy of the Source Code in an information repository reasonably calculated to permit inexpensive and convenient access by You for as long as Licensor continues to distribute the Original Work.
23 | 
24 |    4. Exclusions From License Grant. Neither the names of Licensor, nor the names of any contributors to the Original Work, nor any of their trademarks or service marks, may be used to endorse or promote products derived from this Original Work without express prior permission of the Licensor. Except as expressly stated herein, nothing in this License grants any license to Licensor's trademarks, copyrights, patents, trade secrets or any other intellectual property. No patent license is granted to make, use, sell, offer for sale, have made, or import embodiments of any patent claims other than the licensed claims defined in Section 2. No license is granted to the trademarks of Licensor even if such marks are included in the Original Work. Nothing in this License shall be interpreted to prohibit Licensor from licensing under terms different from this License any Original Work that Licensor otherwise would have a right to license.
25 | 
26 |    5. External Deployment. The term "External Deployment" means the use, distribution, or communication of the Original Work or Derivative Works in any way such that the Original Work or Derivative Works may be used by anyone other than You, whether those works are distributed or communicated to those persons or made available as an application intended for use over a network. As an express condition for the grants of license hereunder, You must treat any External Deployment by You of the Original Work or a Derivative Work as a distribution under section 1(c).
27 | 
28 |    6. Attribution Rights. You must retain, in the Source Code of any Derivative Works that You create, all copyright, patent, or trademark notices from the Source Code of the Original Work, as well as any notices of licensing and any descriptive text identified therein as an "Attribution Notice." You must cause the Source Code for any Derivative Works that You create to carry a prominent Attribution Notice reasonably calculated to inform recipients that You have modified the Original Work.
29 | 
30 |    7. Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that the copyright in and to the Original Work and the patent rights granted herein by Licensor are owned by the Licensor or are sublicensed to You under the terms of this License with the permission of the contributor(s) of those copyrights and patent rights. Except as expressly stated in the immediately preceding sentence, the Original Work is provided under this License on an "AS IS" BASIS and WITHOUT WARRANTY, either express or implied, including, without limitation, the warranties of non-infringement, merchantability or fitness for a particular purpose. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU. This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No license to the Original Work is granted by this License except under this disclaimer.
31 | 
32 |    8. Limitation of Liability. Under no circumstances and under no legal theory, whether in tort (including negligence), contract, or otherwise, shall the Licensor be liable to anyone for any indirect, special, incidental, or consequential damages of any character arising as a result of this License or the use of the Original Work including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses. This limitation of liability shall not apply to the extent applicable law prohibits such limitation.
33 | 
34 |    9. Acceptance and Termination. If, at any time, You expressly assented to this License, that assent indicates your clear and irrevocable acceptance of this License and all of its terms and conditions. If You distribute or communicate copies of the Original Work or a Derivative Work, You must make a reasonable effort under the circumstances to obtain the express assent of recipients to the terms of this License. This License conditions your rights to undertake the activities listed in Section 1, including your right to create Derivative Works based upon the Original Work, and doing so without honoring these terms and conditions is prohibited by copyright law and international treaty. Nothing in this License is intended to affect copyright exceptions and limitations (including 'fair use' or 'fair dealing'). This License shall terminate immediately and You may no longer exercise any of the rights granted to You by this License upon your failure to honor the conditions in Section 1(c).
35 | 
36 |   10. Termination for Patent Action. This License shall terminate automatically and You may no longer exercise any of the rights granted to You by this License as of the date You commence an action, including a cross-claim or counterclaim, against Licensor or any licensee alleging that the Original Work infringes a patent. This termination provision shall not apply for an action alleging patent infringement by combinations of the Original Work with other software or hardware.
37 | 
38 |   11. Jurisdiction, Venue and Governing Law. Any action or suit relating to this License may be brought only in the courts of a jurisdiction wherein the Licensor resides or in which Licensor conducts its primary business, and under the laws of that jurisdiction excluding its conflict-of-law provisions. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any use of the Original Work outside the scope of this License or after its termination shall be subject to the requirements and penalties of copyright or patent law in the appropriate jurisdiction. This section shall survive the termination of this License.
39 | 
40 |   12. Attorneys' Fees. In any action to enforce the terms of this License or seeking damages relating thereto, the prevailing party shall be entitled to recover its costs and expenses, including, without limitation, reasonable attorneys' fees and costs incurred in connection with such action, including any appeal of such action. This section shall survive the termination of this License.
41 | 
42 |   13. Miscellaneous. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable.
43 | 
44 |   14. Definition of "You" in This License. "You" throughout this License, whether in upper or lower case, means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with you. For purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
45 | 
46 |   15. Right to Use. You may use the Original Work in all ways not otherwise restricted or conditioned by this License or by law, and Licensor promises not to interfere with or be responsible for such uses by You.
47 | 
48 |   16. Modification of This License. This License is Copyright (C) 2005 Lawrence Rosen. Permission is granted to copy, distribute, or communicate this License without modification. Nothing in this License permits You to modify this License as applied to the Original Work or to Derivative Works. However, You may modify the text of this License and copy, distribute or communicate your modified version (the "Modified License") and apply it to other original works of authorship subject to the following conditions: (i) You may not indicate in any way that your Modified License is the "Open Software License" or "OSL" and you may not use those names in the name of your Modified License; (ii) You must replace the notice specified in the first paragraph above with the notice "Licensed under <insert your license name here>" or with a notice of your own that is not confusingly similar to the notice in this License; and (iii) You may not claim that your original works are open source software unless your Modified License has been approved by Open Source Initiative (OSI) and You comply with its license review and certification process. 
49 | 


--------------------------------------------------------------------------------
/Model/CorsCheck.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /**
 3 |  * @copyright  Copyright 2017 SplashLab
 4 |  */
 5 | 
 6 | namespace SplashLab\CorsRequests\Model;
 7 | 
 8 | use SplashLab\CorsRequests\Api\CorsCheckInterface;
 9 | 
10 | /**
11 |  * Class CorsCheck
12 |  * @package SplashLab\CorsRequests\Model
13 |  */
14 | class CorsCheck implements CorsCheckInterface
15 | {
16 | 
17 |     /**
18 |      * Initialize dependencies.
19 |      *
20 |      * @param \Magento\Framework\Webapi\Rest\Response $response
21 |      * @param \Magento\Framework\App\Config\ScopeConfigInterface scopeConfig
22 |      */
23 |     public function __construct(
24 |         \Magento\Framework\Webapi\Rest\Response $response,
25 |         \Magento\Framework\Webapi\Rest\Request $request
26 |     ) {
27 |         $this->response = $response;
28 |         $this->request = $request;
29 |     }
30 | 
31 |     /**
32 |      * {@inheritDoc}
33 |      */
34 |     public function check()
35 |     {
36 |         // respond to OPTIONS request with appropriate headers
37 |         $this->response->setHeader('Access-Control-Allow-Methods', $this->request->getHeader('Access-Control-Request-Method'), true);
38 |         $this->response->setHeader('Access-Control-Allow-Headers', $this->request->getHeader('Access-Control-Request-Headers'), true);
39 |         return '';
40 |     }
41 | 
42 | }
43 | 


--------------------------------------------------------------------------------
/Plugin/CorsHeadersPlugin.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | /**
  4 |  * @copyright  Copyright 2017 SplashLab
  5 |  */
  6 | 
  7 | namespace SplashLab\CorsRequests\Plugin;
  8 | 
  9 | use Magento\Framework\App\FrontControllerInterface;
 10 | use Magento\Framework\App\RequestInterface;
 11 | 
 12 | /**
 13 |  * Class CorsHeadersPlugin
 14 |  *
 15 |  * @package SplashLab\CorsRequests
 16 |  */
 17 | class CorsHeadersPlugin
 18 | {
 19 | 
 20 |     /**
 21 |      * @var \Magento\Framework\Webapi\Rest\Response
 22 |      */
 23 |     private $response;
 24 | 
 25 |     /**
 26 |      * @var \Magento\Framework\App\Config\ScopeConfigInterface
 27 |      */
 28 |     private $scopeConfig;
 29 | 
 30 |     /**
 31 |      * Initialize dependencies.
 32 |      *
 33 |      * @param \Magento\Framework\Webapi\Rest\Response $response
 34 |      * @param \Magento\Framework\App\Config\ScopeConfigInterface scopeConfig
 35 |      */
 36 |     public function __construct(
 37 |         \Magento\Framework\Webapi\Rest\Response $response,
 38 |         \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig
 39 |     ) {
 40 |         $this->response = $response;
 41 |         $this->scopeConfig = $scopeConfig;
 42 |     }
 43 | 
 44 |     /**
 45 |      * Get the origin domain the requests are going to come from
 46 |      * @return string
 47 |      */
 48 |     protected function getOriginUrl()
 49 |     {
 50 |         return $this->scopeConfig->getValue('web/corsRequests/origin_url',
 51 |             \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
 52 |     }
 53 | 
 54 |     /**
 55 |      * Get the origin domain the requests are going to come from
 56 |      * @return string
 57 |      */
 58 |     protected function getAllowCredentials()
 59 |     {
 60 |         return (bool) $this->scopeConfig->getValue('web/corsRequests/allow_credentials',
 61 |             \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
 62 |     }
 63 | 
 64 |     /**
 65 |      * Get the origin domain the requests are going to come from
 66 |      * @return string
 67 |      */
 68 |     protected function getEnableAmp()
 69 |     {
 70 |         return (bool) $this->scopeConfig->getValue('web/corsRequests/enable_amp',
 71 |             \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
 72 |     }
 73 | 
 74 |     /**
 75 |      * Get the Access-Control-Max-Age
 76 |      * @return string
 77 |      */
 78 |     protected function getMaxAge()
 79 |     {
 80 |         return (int) $this->scopeConfig->getValue('web/corsRequests/max_age',
 81 |             \Magento\Store\Model\ScopeInterface::SCOPE_STORE);
 82 |     }
 83 | 
 84 |     /**
 85 |      * Triggers before original dispatch
 86 |      * This method triggers before original \Magento\Webapi\Controller\Rest::dispatch and set version
 87 |      * from request params to VersionManager instance
 88 |      * @param FrontControllerInterface $subject
 89 |      * @param RequestInterface $request
 90 |      * @return void
 91 |      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
 92 |      */
 93 |     public function beforeDispatch(
 94 |         FrontControllerInterface $subject,
 95 |         RequestInterface $request
 96 |     ) {
 97 |         if ($originUrl = $this->getOriginUrl()) {
 98 |             $this->response->setHeader('Access-Control-Allow-Origin', rtrim($originUrl,"/"), true);
 99 |             if ($this->getAllowCredentials()) {
100 |                 $this->response->setHeader('Access-Control-Allow-Credentials', 'true', true);
101 |             }
102 |             if ($this->getEnableAmp()) {
103 |                 $this->response->setHeader('AMP-Access-Control-Allow-Source-Origin', rtrim($originUrl,"/"), true);
104 |             }
105 |             if ((int)$this->getMaxAge() > 0) {
106 |                 $this->response->setHeader('Access-Control-Max-Age', $this->getMaxAge(), true);
107 |             }
108 |         }
109 |     }
110 | 
111 | }


--------------------------------------------------------------------------------
/Plugin/CorsRequestMatchPlugin.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | /**
 4 |  * @copyright  Copyright 2017 SplashLab
 5 |  */
 6 | 
 7 | namespace SplashLab\CorsRequests\Plugin;
 8 | 
 9 | use Magento\Framework\Webapi\Rest\Request;
10 | use Magento\Webapi\Controller\Rest\Router;
11 | 
12 | /**
13 |  * Class CorsRequestMatchPlugin
14 |  *
15 |  * @package SplashLab\CorsRequests
16 |  */
17 | class CorsRequestMatchPlugin
18 | {
19 | 
20 |     /**
21 |      * @var \Magento\Framework\Webapi\Rest\Request
22 |      */
23 |     private $request;
24 | 
25 |     /**
26 |      * @var \Magento\Framework\Controller\Router\Route\Factory
27 |      */
28 |     protected $routeFactory;
29 | 
30 |     /**
31 |      * Initialize dependencies.
32 |      *
33 |      * @param \Magento\Framework\Webapi\Rest\Request $request
34 |      * @param \Magento\Framework\Controller\Router\Route\Factory $routeFactory
35 |      */
36 |     public function __construct(
37 |         \Magento\Framework\Webapi\Rest\Request $request,
38 |         \Magento\Framework\Controller\Router\Route\Factory $routeFactory
39 |     ) {
40 |         $this->request = $request;
41 |         $this->routeFactory = $routeFactory;
42 |     }
43 | 
44 |     /**
45 |      * Generate the list of available REST routes. Current HTTP method is taken into account.
46 |      *
47 |      * @param \Magento\Webapi\Model\Rest\Config $subject
48 |      * @param $proceed
49 |      * @param Request $request
50 |      * @return \Magento\Webapi\Controller\Rest\Router\Route
51 |      * @throws \Magento\Framework\Webapi\Exception
52 |      */
53 |     public function aroundMatch(
54 |         Router $subject,
55 |         callable $proceed,
56 |         Request $request
57 |     )
58 |     {
59 |         try {
60 |             $returnValue = $proceed($request);
61 |         } catch (\Magento\Framework\Webapi\Exception $e) {
62 |             $requestHttpMethod = $this->request->getHttpMethod();
63 |             if ($requestHttpMethod == 'OPTIONS') {
64 |                 return $this->createRoute();
65 |             } else {
66 |                 throw $e;
67 |             }
68 |         }
69 |         return $returnValue;
70 |     }
71 | 
72 |     /**
73 |      * Create route object to the placeholder CORS route.
74 |      *
75 |      * @return \Magento\Webapi\Controller\Rest\Router\Route
76 |      */
77 |     protected function createRoute()
78 |     {
79 |         /** @var $route \Magento\Webapi\Controller\Rest\Router\Route */
80 |         $route = $this->routeFactory->createRoute(
81 |             'Magento\Webapi\Controller\Rest\Router\Route',
82 |             '/V1/cors/check'
83 |         );
84 | 
85 |         $route->setServiceClass('SplashLab\CorsRequests\Api\CorsCheckInterface')
86 |             ->setServiceMethod('check')
87 |             ->setSecure(false)
88 |             ->setAclResources(['anonymous'])
89 |             ->setParameters([]);
90 | 
91 |         return $route;
92 |     }
93 | 
94 | }


--------------------------------------------------------------------------------
/Plugin/CorsRequestOptionsPlugin.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | /**
 4 |  * @copyright  Copyright 2017 SplashLab
 5 |  */
 6 | 
 7 | namespace SplashLab\CorsRequests\Plugin;
 8 | 
 9 | use Magento\Framework\Webapi\Request;
10 | use Magento\Framework\Exception\InputException;
11 | 
12 | /**
13 |  * Class CorsRequestOptionsPlugin
14 |  *
15 |  * @package SplashLab\CorsRequests
16 |  */
17 | class CorsRequestOptionsPlugin
18 | {
19 | 
20 |     /**
21 |      * Triggers before original dispatch
22 |      * Allow Options requests from jQuery AJAX
23 |      *
24 |      * @param Request $subject
25 |      * @return void
26 |      * @throws InputException
27 |      */
28 |     public function aroundGetHttpMethod(
29 |         Request $subject
30 |     ) {
31 |         if (!$subject->isGet() && !$subject->isPost() && !$subject->isPut() && !$subject->isDelete() && !$subject->isOptions()) {
32 |             throw new InputException(__('Request method is invalid.'));
33 |         }
34 |         return $subject->getMethod();
35 |     }
36 | 
37 | }


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Magento 2 CORS Cross-Domain Requests by SplashLab
 2 | 
 3 | This module allows you to enable Cross-Origin Resource Sharing (CORS) REST API requests in Magento 2 by adding the appropriate HTTP headers and handling the pre-flight OPTIONS requests.
 4 | 
 5 | This can be used to allow AJAX and other requests to the Magento 2 REST API from another domain (or subdomain). 
 6 | 
 7 | ## How to install
 8 | 
 9 | ### 1. via composer
10 | 
11 | Edit `composer.json`
12 | 
13 | ```
14 | {
15 |     "repositories": [
16 |         {
17 |             "type": "vcs",
18 |             "url": "https://github.com/splashlab/magento-2-cors-requests"
19 |         }
20 |     ],
21 |     "require": {
22 |         "splashlab/magento-2-cors-requests": "dev-master"
23 |     }
24 | }
25 | ```
26 | 
27 | ```
28 | composer install
29 | php bin/magento setup:upgrade
30 | php bin/magento setup:static-content:deploy
31 | ```
32 | 
33 | ### 2. Copy and paste
34 | 
35 | Download latest version from GitHub
36 | 
37 | Paste into `app/code/SplashLab/CorsRequests` directory
38 | 
39 | ```
40 | php bin/magento setup:upgrade
41 | php bin/magento setup:static-content:deploy
42 | ```
43 | 
44 | ### 3. Update Origin URL
45 | 
46 | In `Stores -> Configuration`, go to `General -> Web -> CORS Requests Configuration`.
47 | 
48 | Then edit the the `CORS Origin Url` field to the domain you want to enable cross-domain requests from. (i.e. http://example.com)
49 | 
50 | ## How does it work?
51 | 
52 | The full implementation of CORS cross-domain HTTP requests is outside the scope of this README, but this is what this module does:
53 | 
54 | 1. Allows onfigureing an Origin Url in the Admin Configuration area - this is the domain which cross-domain requests are permitted from
55 | 2. This domain is added to a `Access-Control-Allow-Origin` response HTTP header
56 | 3. Optionally you can enable the `Access-Control-Allow-Credentials` header as well, to enable passing cookies
57 | 
58 | For non-GET and non-standard-POST requests (i.e. PUT and DELETE), the "pre-flight check" OPTIONS request is handled by:
59 | 
60 | 1. An empty `/V1/cors/check` API response with the appropriate headers:
61 | 2. `Access-Control-Allow-Methods` response header, which mirrors the `Access-Control-Request-Method` request header
62 | 3. `Access-Control-Allow-Headers` response header, which mirrors the `Access-Control-Request-Headers` request header
63 | 
64 | ### Alternative Solutions
65 | 
66 | You can also manage these CORS headers with Apache and Nginx rules, instead of using this extension:
67 | 
68 | - https://community.magento.com/t5/Magento-2-Feature-Requests-and/API-CORS-requests-will-fail-without-OPTIONS-reponse/idi-p/60551
69 | - https://stackoverflow.com/questions/35174585/how-to-add-cors-cross-origin-policy-to-all-domains-in-nginx
70 | 
71 | But I created this extension to allow you to configure the Origin domain the Admin Configuration, and to avoid having to create and manage special server configuration.
72 | 
73 | ## CORS Cross-Domain Request References
74 | 
75 | - https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
76 | - https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
77 | - https://www.html5rocks.com/en/tutorials/cors/
78 | - https://stackoverflow.com/questions/29954037/how-to-disable-options-request
79 | - https://stackoverflow.com/questions/12320467/jquery-cors-content-type-options
80 | - https://github.com/magento/magento2/issues/8399
81 | 
82 | 
83 | 
84 | 
85 | 


--------------------------------------------------------------------------------
/composer.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "name": "lpouwelse/magento-2-cors-requests",
 3 |     "description": "Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain",
 4 |     "homepage": "https://github.com/splashlab/magento-2-cors-requests",
 5 |     "type": "magento2-module",
 6 |     "version": "100.0.7",
 7 |     "license": [
 8 |         "OSL-3.0",
 9 |         "AFL-3.0"
10 |     ],
11 |     "support": {
12 |         "issues": "https://github.com/splashlab/magento-2-cors-requests/issues",
13 |         "source": "https://github.com/splashlab/magento-2-cors-requests"
14 |     },
15 |     "require": {
16 |         "php": "~7.1.3||~7.2.0||~7.3.0||~7.4.0||~8.1.0",
17 |         "magento/framework": "*"
18 |     },
19 |     "autoload": {
20 |         "files": [
21 |             "registration.php"
22 |         ],
23 |         "psr-4": {
24 |             "SplashLab\\CorsRequests\\": ""
25 |         }
26 |     }
27 | }
28 | 


--------------------------------------------------------------------------------
/etc/acl.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3 |         xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
 4 |     <acl>
 5 |         <resources>
 6 |             <resource id="Magento_Backend::admin">
 7 |                 <resource id="Magento_Backend::stores">
 8 |                     <resource id="Magento_Backend::stores_settings">
 9 |                         <resource id="Magento_Config::config">
10 |                             <resource id="SplashLab_CorsRequests::config" title="CORS Request Configuration" sortOrder="50"/>
11 |                         </resource>
12 |                     </resource>
13 |                 </resource>
14 |             </resource>
15 |         </resources>
16 |     </acl>
17 | </config>


--------------------------------------------------------------------------------
/etc/adminhtml/system.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3 |         xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
 4 |     <system>
 5 |         <section id="web">
 6 |             <resource>SplashLab_CorsRequests::config</resource>
 7 |             <group id="corsRequests" translate="label" type="text" sortOrder="10" showInDefault="1" showInWebsite="1"
 8 |                    showInStore="1">
 9 |                 <label>CORS Requests Configuration</label>
10 |                 <field id="origin_url" translate="label" type="text" sortOrder="40" showInDefault="1" showInWebsite="1"
11 |                        showInStore="1">
12 |                     <label>CORS Origin Url</label>
13 |                     <comment>*, or fully qualified URLs without trailing '/' (slash) (e.g. http://example.com)
14 |                     </comment>
15 |                 </field>
16 |                 <field id="allow_credentials" translate="label" type="text" sortOrder="40" showInDefault="1" showInWebsite="1"
17 |                        showInStore="1">
18 |                     <label>CORS Allow Credentials</label>
19 |                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
20 |                     <comment>Enables Access-Control-Allow-Credentials response header to pass cookies</comment>
21 |                 </field>
22 |                 <field id="enable_amp" translate="label" type="text" sortOrder="40" showInDefault="1" showInWebsite="1"
23 |                        showInStore="1">
24 |                     <label>CORS Requests for AMP</label>
25 |                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
26 |                     <comment>Enables AMP-Access-Control-Allow-Source-Origin response header for AMP CORS requests</comment>
27 |                 </field>
28 |                 <field id="max_age" translate="label" type="text" sortOrder="40" showInDefault="1" showInWebsite="1"
29 |                        showInStore="1">
30 |                     <label>CORS Request Max Age</label>
31 |                     <comment>Enables Access-Control-Max-Age response header for CORS requests (max age in seconds)</comment>
32 |                 </field>
33 |             </group>
34 |         </section>
35 |     </system>
36 | </config>
37 | 


--------------------------------------------------------------------------------
/etc/config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3 |         xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
 4 |     <default>
 5 |         <web>
 6 |             <corsRequests>
 7 |                 <origin_url>*</origin_url>
 8 |                 <allow_credentials>0</allow_credentials>
 9 |                 <enable_amp>0</enable_amp>
10 |             </corsRequests>
11 |         </web>
12 |     </default>
13 | </config>


--------------------------------------------------------------------------------
/etc/di.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <!--
 3 | /**
 4 |  * @copyright  Copyright 2017 SplashLab
 5 |  */
 6 | -->
 7 | <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 8 |         xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
 9 | 
10 |     <preference for="SplashLab\CorsRequests\Api\CorsCheckInterface" type="SplashLab\CorsRequests\Model\CorsCheck"/>
11 | 
12 |     <type name="Magento\Webapi\Controller\Rest">
13 |         <plugin name="cors_headers" type="SplashLab\CorsRequests\Plugin\CorsHeadersPlugin" />
14 |     </type>
15 |     <type name="Magento\Framework\Webapi\Rest\Request">
16 |         <plugin name="cors_request_options" type="SplashLab\CorsRequests\Plugin\CorsRequestOptionsPlugin" />
17 |     </type>
18 |     <type name="Magento\Webapi\Controller\Rest\Router">
19 |         <plugin name="cors_request_match" type="SplashLab\CorsRequests\Plugin\CorsRequestMatchPlugin" />
20 |     </type>
21 | 
22 | </config>


--------------------------------------------------------------------------------
/etc/module.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0"?>
2 | 
3 | <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4 |         xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
5 |     <module name="SplashLab_CorsRequests" setup_version="2.1.0">
6 |     </module>
7 | </config>


--------------------------------------------------------------------------------
/etc/webapi.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0"?>
 2 | <!--
 3 | /**
 4 |  * @copyright  Copyright 2017 SplashLab
 5 |  */
 6 | -->
 7 | <routes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 8 |         xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Webapi:etc/webapi.xsd">
 9 | 
10 |     <!-- Example: curl http://127.0.0.1/index.php/rest/V1/cors/check/ -->
11 |     <route url="/V1/cors/check" method="GET">
12 |         <service class="SplashLab\CorsRequests\Api\CorsCheckInterface" method="check"/>
13 |         <resources>
14 |             <resource ref="anonymous"/>
15 |         </resources>
16 |     </route>
17 | 
18 | </routes>


--------------------------------------------------------------------------------
/registration.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /**
 3 |  * @copyright  Copyright 2017 SplashLab
 4 |  */
 5 | 
 6 | \Magento\Framework\Component\ComponentRegistrar::register(
 7 |     \Magento\Framework\Component\ComponentRegistrar::MODULE,
 8 |     'SplashLab_CorsRequests',
 9 |     __DIR__
10 | );
11 | 


--------------------------------------------------------------------------------