CORS

app/common/Middleware/Cors.php

@@ -0,0 +1,24 @@
+<?php
+namespace ProVM\Money\Common\Middleware;
+
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Psr\Http\Server\RequestHandlerInterface as Handler;
+use Psr\Http\Message\ResponseInterface as Response;
+use Slim\Routing\RouteContext;
+
+class Cors {
+  public function __invoke(Request $request, Handler $handler): Response {
+    $routeContext = RouteContext::fromRequest($request);
+    $routingResults = $routeContext->getRoutingResults();
+    $methods = $routingResults->getAllowedMethods();
+    $requestHeaders = $request->getHeaderLine('Access-Control-Request-Headers');
+
+    $response = $handler->handle($request);
+
+    $response = $response->withHeader('Access-Control-Allow-Origin', 'http://localhost:8080,http://localhost:8081');
+    $response = $response->withHeader('Access-Control-Allow-Methods', implode(',', $methods));
+    $response = $response->withHeader('Access-Control-Allow-Headers', $requestHeaders);
+    //$response = $response->withHeader('Access-Control-Allow-Credentials', 'true');
+    return $response;
+  }
+}

app/docker/nginx.conf

@@ -1,15 +1,56 @@
+log_format main_json escape=json '{'
+  '"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
+  '"connection": "$connection", ' # connection serial number
+  '"connection_requests": "$connection_requests", ' # number of requests made in connection
+  '"pid": "$pid", ' # process pid
+  '"request_id": "$request_id", ' # the unique request id
+  '"request_length": "$request_length", ' # request length (including headers and body)
+  '"remote_addr": "$remote_addr", ' # client IP
+  '"remote_user": "$remote_user", ' # client HTTP username
+  '"remote_port": "$remote_port", ' # client port
+  '"time_local": "$time_local", '
+  '"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
+  '"request": "$request", ' # full path no arguments if the request
+  '"request_uri": "$request_uri", ' # full path and arguments if the request
+  '"args": "$args", ' # args
+  '"status": "$status", ' # response status code
+  '"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
+  '"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
+  '"http_referer": "$http_referer", ' # HTTP referer
+  '"http_user_agent": "$http_user_agent", ' # user agent
+  '"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
+  '"http_host": "$http_host", ' # the request Host: header
+  '"server_name": "$server_name", ' # the name of the vhost serving the request
+  '"request_time": "$request_time", ' # request processing time in seconds with msec resolution
+  '"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
+  '"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
+  '"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
+  '"upstream_response_time": "$upstream_response_time", ' # time spend receiving upstream body
+  '"upstream_response_length": "$upstream_response_length", ' # upstream response length
+  '"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
+  '"ssl_protocol": "$ssl_protocol", ' # TLS protocol
+  '"ssl_cipher": "$ssl_cipher", ' # TLS cipher
+  '"scheme": "$scheme", ' # http or https
+  '"request_method": "$request_method", ' # request method
+  '"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
+  '"pipe": "$pipe", ' # “p” if request was pipelined, “.” otherwise
+  '"gzip_ratio": "$gzip_ratio", '
+  '"http_cf_ray": "$http_cf_ray"'
+'}';
 server {
   listen 80;
   server_name money_app;
   index index.php;
   error_log /code/app/logs/error.log;
-  access_log /code/app/logs/access.log;
+  access_log /code/app/logs/access.log main_json;
   root /code/app/public;
 
   location / {
     try_files $uri /index.php$is_args$args;
   }
 
+  add_header 'Access-Control-Allow-Origin' 'http://localhost:8080';
+
   location ~ \.php {
     try_files $uri =404;
     fastcgi_split_path_info ^(.+\.php)(/.+)$;

app/resources/routes/api.php

@@ -5,3 +5,7 @@ include_once 'currencies.php';
 include_once 'values.php';
 
 $app->get('/', API::class);
+
+$app->options('/', function ($request, $response, $args) {
+    return $response;
+});

app/resources/routes/currencies.php

@@ -4,6 +4,10 @@ use ProVM\Money\Common\Controller\Currencies;
 $app->group('/currencies', function($app) {
   $app->post('/add[/]', [Currencies::class, 'add']);
   $app->get('[/]', Currencies::class);
+
+  $app->options('[/]', function (Request $request, Response $response): Response {
+    return $response;
+  });
 });
 
 $app->group('/currency/{currency_id}', function($app) {
@@ -12,6 +16,12 @@ $app->group('/currency/{currency_id}', function($app) {
   $app->group('/values', function($app) {
     $app->post('/add[/]', [Currencies::class, 'addValues']);
     $app->get('[/]', [Currencies::class, 'getValues']);
+    $app->options('[/]', function (Request $request, Response $response): Response {
+      return $response;
+    });
   });
   $app->get('[/]', [Currencies::class, 'get']);
+  $app->options('[/]', function (Request $request, Response $response): Response {
+    return $response;
+  });
 });

app/setup/app.php

@@ -47,6 +47,7 @@ include_once 'databases.php';
 if ($container->has('base_url')) {
   $app->setBasePath($container->get('base_url'));
 }
+$app->add(new ProVM\Money\Common\Middleware\Cors());
 $app->addRoutingMiddleware();
 
 foreach ($folders as $folder) {