diff options
| author | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-05-11 19:55:59 +0400 |
|---|---|---|
| committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-05-11 19:55:59 +0400 |
| commit | 63f2f16b852e126cbbf478f2d25232195c5a37e4 (patch) | |
| tree | 3aa091f59938d8e70de2223c1708d3247ebaabe9 /lib/private/appframework | |
| parent | 474b8f071d4451a61c2ef83bd09e4d9933998331 (diff) | |
use new controllermethodreflector for corsmiddleware
Diffstat (limited to 'lib/private/appframework')
| -rw-r--r-- | lib/private/appframework/dependencyinjection/dicontainer.php | 5 | ||||
| -rw-r--r-- | lib/private/appframework/middleware/security/corsmiddleware.php | 13 |
2 files changed, 12 insertions, 6 deletions
diff --git a/lib/private/appframework/dependencyinjection/dicontainer.php b/lib/private/appframework/dependencyinjection/dicontainer.php index 00181694135..97a6569a0f6 100644 --- a/lib/private/appframework/dependencyinjection/dicontainer.php +++ b/lib/private/appframework/dependencyinjection/dicontainer.php @@ -104,7 +104,10 @@ class DIContainer extends SimpleContainer implements IAppContainer{ }); $this['CORSMiddleware'] = $this->share(function($c) { - return new CORSMiddleware($c['Request']); + return new CORSMiddleware( + $c['Request'], + $c['ControllerMethodReflector'] + ); }); $middleWares = &$this->middleWares; diff --git a/lib/private/appframework/middleware/security/corsmiddleware.php b/lib/private/appframework/middleware/security/corsmiddleware.php index e32c5d42875..dca3996ea2e 100644 --- a/lib/private/appframework/middleware/security/corsmiddleware.php +++ b/lib/private/appframework/middleware/security/corsmiddleware.php @@ -11,7 +11,7 @@ namespace OC\AppFramework\Middleware\Security; -use OC\AppFramework\Utility\MethodAnnotationReader; +use OC\AppFramework\Utility\ControllerMethodReflector; use OCP\IRequest; use OCP\AppFramework\Http\Response; use OCP\AppFramework\Middleware; @@ -25,12 +25,16 @@ use OCP\AppFramework\Middleware; class CORSMiddleware extends Middleware { private $request; + private $reflector; /** * @param IRequest $request + * @param ControllerMethodReflector $reflector */ - public function __construct(IRequest $request) { + public function __construct(IRequest $request, + ControllerMethodReflector $reflector) { $this->request = $request; + $this->reflector = $reflector; } @@ -46,10 +50,9 @@ class CORSMiddleware extends Middleware { */ public function afterController($controller, $methodName, Response $response){ // only react if its a CORS request and if the request sends origin and - $reflector = new MethodAnnotationReader($controller, $methodName); if(isset($this->request->server['HTTP_ORIGIN']) && - $reflector->hasAnnotation('CORS')) { + $this->reflector->hasAnnotation('CORS')) { // allow credentials headers must not be true or CSRF is possible // otherwise @@ -57,7 +60,7 @@ class CORSMiddleware extends Middleware { if(strtolower($header) === 'access-control-allow-credentials' && strtolower(trim($value)) === 'true') { $msg = 'Access-Control-Allow-Credentials must not be '. - 'set to true in order to prevent CSRF'; + 'set to true in order to prevent CSRF'; throw new SecurityException($msg); } } |