src/EventSubscriber/ApiRequestSubscriber.php line 13
<?php
// src/EventSubscriber/ApiRequestSubscriber.php
namespace App\EventSubscriber;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\RequestEvent;
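class ApiRequestSubscriber implements EventSubscriberInterface
{
    /** Env variable holding the comma-separated allow-list of Origin hosts. */
    private const ALLOWED_DOMAINS_ENV = 'ALLOWED_DOMAINS';

    /** Route name that is gated by the Origin check below. */
    private const GATED_ROUTE = 'api_pin_orders';

    /**
     * Gates the `api_pin_orders` route on the request's Origin header.
     *
     * For that route only, the request is short-circuited with a 403 "Forbidden"
     * response when the Origin header is missing, cannot be parsed into a host,
     * or its host is not listed in the ALLOWED_DOMAINS env variable. Every other
     * route passes through untouched.
     *
     * NOTE(review): Origin is a client-supplied header, so this restricts which
     * browser origins may call the route; it is not authentication, and the route
     * still needs its own access control if it handles sensitive data.
     */
    public function onKernelRequest(RequestEvent $event): void
    {
        $request = $event->getRequest();

        // Only the pin-orders API route is gated; return early for everything else
        // so the env parsing is not paid (and cannot warn) on unrelated requests.
        if ($request->attributes->get('_route') !== self::GATED_ROUTE) {
            return;
        }

        $originHost = self::originHost($request->headers->get('Origin'));

        // A missing, blank or unparsable Origin (including the literal "null"
        // value browsers send for opaque origins) yields no host and is rejected.
        if ($originHost === null) {
            $event->setResponse(new Response('Forbidden', Response::HTTP_FORBIDDEN));
            return;
        }

        // Strict comparison: parse_url() failure values must never loosely match
        // an entry of the allow-list.
        if (!in_array($originHost, self::allowedDomains(), true)) {
            $event->setResponse(new Response('Forbidden', Response::HTTP_FORBIDDEN));
        }
    }

    /**
     * Parses the ALLOWED_DOMAINS env variable into a list of lower-cased hosts.
     *
     * The value is split on commas; each entry is trimmed first and empty entries
     * are dropped afterwards, so "a.example, ,b.example" becomes
     * ['a.example', 'b.example']. An unset or blank variable yields an empty
     * list, which means every origin is denied.
     *
     * @return list<string>
     */
    private static function allowedDomains(): array
    {
        // `??` avoids an undefined-index warning when the variable is not set.
        $raw = (string) ($_ENV[self::ALLOWED_DOMAINS_ENV] ?? '');
        if ($raw === '') {
            return [];
        }

        $hosts = array_map(
            static fn (string $entry): string => strtolower(trim($entry)),
            explode(',', $raw),
        );

        return array_values(array_filter(
            $hosts,
            static fn (string $host): bool => $host !== '',
        ));
    }

    /**
     * Extracts the lower-cased host from an Origin header value.
     *
     * Returns null when the header is absent or blank, or when parse_url() finds
     * no host in it. Host names are case-insensitive, so the result is
     * lower-cased to match the list produced by allowedDomains().
     */
    private static function originHost(?string $origin): ?string
    {
        if ($origin === null || $origin === '') {
            return null;
        }

        // parse_url() returns null (no host) or false (malformed) on failure.
        $host = parse_url($origin, PHP_URL_HOST);

        return is_string($host) && $host !== '' ? strtolower($host) : null;
    }

    /**
     * Subscribes onKernelRequest() to the kernel.request event at default priority.
     *
     * @return array<string, string>
     */
    public static function getSubscribedEvents(): array
    {
        return [
            'kernel.request' => 'onKernelRequest',
        ];
    }
}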