package SockJS::Middleware::Cors;
use strict;
use warnings;
use parent 'Plack::Middleware';
use Plack::Util;
sub call {
my $self = shift;
my ($env) = @_;
my $res = $self->app->(@_);
return $self->response_cb(
$res => sub {
my $res = shift;
my $h = Plack::Util::headers( $res->[1] );
my $origin = $env->{HTTP_ORIGIN};
$origin = '' unless defined $origin;
my %cors_headers = (
'Access-Control-Allow-Origin' => ( $origin eq '' )
? '*'
: $origin,
'Access-Control-Allow-Credentials' => 'true'
);
if ( my $request_headers =
$env->{HTTP_ACCESS_CONTROL_REQUEST_HEADERS} )
{
$cors_headers{'Access-Control-Allow-Headers'} =
$request_headers;
}
if ( my $allowed_methods = $env->{'sockjs.allowed_methods'} ) {
$cors_headers{'Access-Control-Allow-Methods'} =
join( ', ', @$allowed_methods );
}
if ($env->{'sockjs.cacheable'}) {
$cors_headers{'Access-Control-Max-Age'} = '31536000';
}
foreach my $header ( keys %cors_headers ) {
$h->push( $header => $cors_headers{$header} );
}
}
);
}
1;
