pronchev/pinecore
1
Fork 0
Code Actions Packages Releases Wiki Activity

Add runtime exception on missing CORS config

Browse Source
This commit is contained in:
Nikolay Pronchev
2026-04-06 15:56:10 +03:00
parent ab89913ebf
commit ce5a85628c
2 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.claude/kb/http.md
View File

@@ -68,3 +68,21 @@ $response->emit(): void // http_response_code + headers + e
throw new HttpException('Forbidden', 403); throw new HttpException('Forbidden', 403);
// → перехватывается в HttpApplication::dispatch() → Response::error(message, code) // → перехватывается в HttpApplication::dispatch() → Response::error(message, code)
``` ```
## HttpApplication — конфигурационные зависимости
`HttpApplication` требует наличия ключа `cors` в `config/app.php`. Конфиг читается при каждом
запросе (в т.ч. OPTIONS-preflight). Если ключ отсутствует — бросается
`\RuntimeException('app.cors config is missing')`.
```php
// config/app.php
return [
'cors' => [
'origins' => '*',
'methods' => 'GET, POST, PUT, DELETE, OPTIONS',
'headers' => 'Content-Type, Authorization',
'max_age' => '86400',
],
];
```

14
src/Http/HttpApplication.php
View File

@@ -78,7 +78,7 @@ final class HttpApplication
/** @return array<string, string> */ /** @return array<string, string> */
private function corsHeaders(): array private function corsHeaders(): array
{ {
$cors = $this->config->get('app.cors'); $cors = $this->corsConfig();
return [ return [
'Access-Control-Allow-Origin' => $cors['origins'], 'Access-Control-Allow-Origin' => $cors['origins'],
'Access-Control-Allow-Methods' => $cors['methods'], 'Access-Control-Allow-Methods' => $cors['methods'],
@@ -88,10 +88,20 @@ final class HttpApplication
private function emitCorsHeaders(): void private function emitCorsHeaders(): void
{ {
$cors = $this->config->get('app.cors'); $cors = $this->corsConfig();
header('Access-Control-Allow-Origin: ' . $cors['origins']); header('Access-Control-Allow-Origin: ' . $cors['origins']);
header('Access-Control-Allow-Methods: ' . $cors['methods']); header('Access-Control-Allow-Methods: ' . $cors['methods']);
header('Access-Control-Allow-Headers: ' . $cors['headers']); header('Access-Control-Allow-Headers: ' . $cors['headers']);
header('Access-Control-Max-Age: ' . $cors['max_age']); header('Access-Control-Max-Age: ' . $cors['max_age']);
} }
/** @return array<string, mixed> */
private function corsConfig(): array
{
$cors = $this->config->get('app.cors');
if (!is_array($cors)) {
throw new \RuntimeException('app.cors config is missing');
}
return $cors;
}
} }