fabiocarneiro/AddHeadersForEveryResponseMiddleware.php Secret

## AddHeadersForEveryResponseMiddleware.php
<?php

class AddHeadersForEveryResponseMiddleware
{
    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
    {
        return $response
            ->withAddedHeader('Access-Control-Allow-Origin', '*')
            ->withAddedHeader('Access-Control-Allow-Methods', '*')
            ->withAddedHeader('Access-Control-Allow-Headers', '*');
    }
}

## AuthenticationMiddleware.php
<?php

class CORSHeadersInResponseMiddleware
{
    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
    {
        return $next($request, new JsonResponse());
    }
}

## config.php
<?php
return [
    'routes' => [
        // no route for the current path
    ],
    'middleware_pipeline' => [
        'pre_routing' => [
            [
                // deal with OPTIONS request only
                'middleware' => AddHeadersOnlyForOptionsResponseMiddleware::class,
            ],
            [
                'middleware' => AuthenticationMiddleware::class,
                'path' => '/authentication',
            ],
        ],
        'post_routing' => [
            [
                // add headers for CORS in other requests
                'middleware' => AddHeadersForEveryResponseMiddleware::class,
            ],
        ],
    ],
];

## CORSOptionRequestMiddleware.php
<?php

class AddHeadersOnlyForOptionsResponseMiddleware
{
    public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
    {
        if ('OPTIONS' !== $request->getMethod()) {
            return $next($request, $response);
        }

         return $response
            ->withAddedHeader('Access-Control-Allow-Origin', '*')
            ->withAddedHeader('Access-Control-Allow-Methods', '*')
            ->withAddedHeader('Access-Control-Allow-Headers', '*');
        }
    }
}
	<?php

	class AddHeadersForEveryResponseMiddleware
	{
	public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
	{
	return $response
	->withAddedHeader('Access-Control-Allow-Origin', '*')
	->withAddedHeader('Access-Control-Allow-Methods', '*')
	->withAddedHeader('Access-Control-Allow-Headers', '*');
	}
	}
	<?php

	class CORSHeadersInResponseMiddleware
	{
	public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
	{
	return $next($request, new JsonResponse());
	}
	}
	<?php
	return [
	'routes' => [
	// no route for the current path
	],
	'middleware_pipeline' => [
	'pre_routing' => [
	[
	// deal with OPTIONS request only
	'middleware' => AddHeadersOnlyForOptionsResponseMiddleware::class,
	],
	[
	'middleware' => AuthenticationMiddleware::class,
	'path' => '/authentication',
	],
	],
	'post_routing' => [
	[
	// add headers for CORS in other requests
	'middleware' => AddHeadersForEveryResponseMiddleware::class,
	],
	],
	],
	];
	<?php

	class AddHeadersOnlyForOptionsResponseMiddleware
	{
	public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
	{
	if ('OPTIONS' !== $request->getMethod()) {
	return $next($request, $response);
	}

	return $response
	->withAddedHeader('Access-Control-Allow-Origin', '*')
	->withAddedHeader('Access-Control-Allow-Methods', '*')
	->withAddedHeader('Access-Control-Allow-Headers', '*');
	}
	}
	}