Skip to content

Commit fda2a6f

Browse files
barryvdhbarryvdh
committed
Test all Vary Headers
1 parent 75203c1 commit fda2a6f

File tree

2 files changed

+84
-2
lines changed

2 files changed

+84
-2
lines changed

src/CorsService.php

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -211,8 +211,20 @@ public function varyHeader(Response $response, $header): Response
211211
{
212212
if (!$response->headers->has('Vary')) {
213213
$response->headers->set('Vary', $header);
214-
} elseif (!in_array($header, explode(', ', $response->headers->get('Vary')))) {
215-
$response->headers->set('Vary', $response->headers->get('Vary') . ', ' . $header);
214+
} else {
215+
$varyHeaders = $response->headers->all('Vary');
216+
$existing = [];
217+
foreach ($varyHeaders as $value) {
218+
$existing = array_merge($existing, explode(', ', $value));
219+
}
220+
221+
if (!in_array($header, $existing)) {
222+
if (count($varyHeaders) < 2) {
223+
$response->headers->set('Vary', $response->headers->get('Vary') . ', ' . $header);
224+
} else {
225+
$response->headers->set('Vary', $header, false);
226+
}
227+
}
216228
}
217229

218230
return $response;

tests/CorsTest.php

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -271,6 +271,76 @@ public function it_appends_an_existing_vary_header()
271271
$this->assertEquals('Content-Type, Origin', $response->headers->get('Vary'));
272272
}
273273

274+
275+
/**
276+
* @test
277+
* @see http://www.w3.org/TR/cors/index.html#resource-implementation
278+
*/
279+
public function it_doesnt_append_an_existing_vary_header_when_exists()
280+
{
281+
$app = $this->createStackedApp(
282+
array(
283+
'allowedOrigins' => ['*'],
284+
'supportsCredentials' => true,
285+
),
286+
array(
287+
'Vary' => 'Content-Type, Origin'
288+
)
289+
);
290+
$request = $this->createValidActualRequest();
291+
292+
$response = $app->handle($request);
293+
294+
$this->assertTrue($response->headers->has('Vary'));
295+
$this->assertEquals('Content-Type, Origin', $response->headers->get('Vary'));
296+
}
297+
298+
/**
299+
* @test
300+
* @see http://www.w3.org/TR/cors/index.html#resource-implementation
301+
*/
302+
public function it_appends_an_existing_vary_header_when_multiple()
303+
{
304+
$app = $this->createStackedApp(
305+
array(
306+
'allowedOrigins' => ['*'],
307+
'supportsCredentials' => true,
308+
),
309+
array(
310+
'Vary' => ['Content-Type', 'Referer'],
311+
)
312+
);
313+
$request = $this->createValidActualRequest();
314+
315+
$response = $app->handle($request);
316+
317+
$this->assertTrue($response->headers->has('Vary'));
318+
$this->assertEquals(['Content-Type' ,'Referer', 'Origin'], $response->headers->all('Vary'));
319+
}
320+
321+
/**
322+
* @test
323+
* @see http://www.w3.org/TR/cors/index.html#resource-implementation
324+
*/
325+
public function it_doesnt_append_an_existing_vary_header_when_exists_multiple()
326+
{
327+
$app = $this->createStackedApp(
328+
array(
329+
'allowedOrigins' => ['*'],
330+
'supportsCredentials' => true,
331+
),
332+
array(
333+
'Vary' => ['Content-Type', 'Referer', 'Origin'],
334+
)
335+
);
336+
$request = $this->createValidActualRequest();
337+
338+
$response = $app->handle($request);
339+
340+
$this->assertTrue($response->headers->has('Vary'));
341+
$this->assertEquals(['Content-Type' ,'Referer', 'Origin'], $response->headers->all('Vary'));
342+
}
343+
274344
/**
275345
* @test
276346
*/

0 commit comments

Comments
 (0)