Hey there. I like your middleware, but can't use it because I have a case where I'm using Laravel\Lumen\Http\ResponseFactory::download to return a download response, which is an instance of Symfony\Something\BinaryFileResponse. Symfony Response objects don't have the header() method, which is added by Laravel, but is a simple passthrough to $this->headers->set().

So anyway, by using the parent class, you make this middleware more flexible, and typehinting the SymfonyResponse doesn't break anything because all Illuminate\Http\Response objects are instances of the parent Symfony object.

As per https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Requests_with_credentials "when responding to a credentialed request, server must specify a domain, and cannot use wild carding".

CorsService::getCorsHeaders() currently has 'Access-Control-Allow-Origin' => '*',. If this where changed to 'Access-Control-Allow-Origin' => $request->headers->get('Origin') ?: '*', then credentialed requests will also work.

@vluzrmos is this a change you would be OK with? If so, would you like a pull request?

When use custom routes like "$app->get('/user/{id}')" the server respond with code 405, like the route don't exist. I've look and probably is something with this line in CorsServiceProvider class:

$this->app->options($request->path(), function(){ return new Response('OK', 200); });

I think that Laravel is considering the fixed route /user/3 instead of /user/{id} and the GET method

This package has a conflict with illuminate/support, while trying to upgrade to lumen v6. Please

Please check the following error log.

`` Problem 1 - illuminate/http 5.4.x-dev requires illuminate/session 5.4.* -> satisfiable by illuminate/session[5.4.x-dev, v5.4.0, v5.4.13, v5.4.17, v5.4.19, v5.4.27, v5.4.36, v5.4.9]. - illuminate/http v5.4.0 requires illuminate/session 5.4.* -> satisfiable by illuminate/session[5.4.x-dev, v5.4.0, v5.4.13, v5.4.17, v5.4.19, v5.4.27, v5.4.36, v5.4.9]. - illuminate/http v5.4.13 requires illuminate/session 5.4.* -> satisfiable by illuminate/session[5.4.x-dev, v5.4.0, v5.4.13, v5.4.17, v5.4.19, v5.4.27, v5.4.36, v5.4.9]. - illuminate/http v5.4.17 requires illuminate/session 5.4.* -> satisfiable by

Conclusion: don't install laravel/framework v6.0.2|install vluzrmos/lumen-cors v2.1.2 - Installation request for vluzrmos/lumen-cors 2.1. -> satisfiable by vluzrmos/lumen-cors[2.1.x-dev, v2.1.0, v2.1.1, v2.1.2].* ``

I've installed on a fresh copy of lumen but doesn't works, trace:

405 - MethodNotAllowedHttpException

in Application.php line 1176
at Application->handleDispatcherResponse(array('2', array('POST', 'GET'))) in Application.php line 1131
at Application->Laravel\Lumen\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 139
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in CorsMiddleware.php line 26
at CorsMiddleware->handle(object(Request), object(Closure))
at call_user_func_array(array(object(CorsMiddleware), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in StartSession.php line 61
at StartSession->handle(object(Request), object(Closure))
at call_user_func_array(array(object(StartSession), 'handle'), array(object(Request), object(Closure))) in Pipeline.php line 124
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 103
at Pipeline->then(object(Closure)) in Application.php line 1352
at Application->sendThroughPipeline(array('Illuminate\Session\Middleware\StartSession', 'Vluzrmos\LumenCors\Middlewares\CorsMiddleware'), object(Closure)) in Application.php line 1132
at Application->dispatch(null) in Application.php line 1072
at Application->run() in index.php line 28
at require_once('E:\projetos\testeCors\public\index.php') in server.php line 12

I test with a simple OPTIONS request to the server and Lumen 5.1

Was having issues because the parameter of setCorsHeaders was expecting a Response object, however it was receiving a JsonResponse object. Made the parameter expect a generic variable rather than an explicit "Response"

Hi,

After an update of all my dependencies (running Lumen 5.4), I noticed the following error:

The Symfony\\Component\\HttpFoundation\\Request::setTrustedProxies() method expects a bit field of Request::HEADER_* as second argument. Defining it is required since version 3.3. See http://symfony.com/doc/current/components/http_foundation/trusting_proxies.html for more info.

Documentation in the file Request shows for argument trustedHeaderSet of setTrustedProxiesmethod:

/**
 * @param int   $trustedHeaderSet A bit field of Request::HEADER_*, usually either Request::HEADER_FORWARDED or Request::HEADER_X_FORWARDED_ALL, to set which headers to trust from your proxies
 */

It seems that the line:

$request->setTrustedProxies($request->getClientIps());

Should also implement the following:

$request->setTrustedProxies($request->getClientIps(), Request::HEADER_X_FORWARDED_ALL);

Or something like this :)

Thanks !

vluzrmos/lumen-cors now has a Chat Room on Gitter

@vluzrmos has just created a chat room. You can visit it here: https://gitter.im/vluzrmos/lumen-cors.

This pull-request adds this badge to your README.md:

If my aim is a little off, please let me know.

Happy chatting.

PS: Click here if you would prefer not to receive automatic pull-requests from Gitter in future.