@@ -181,11 +181,14 @@ public function isOriginAllowed(Request $request): bool
181
181
182
182
$ origin = $ request ->headers ->get ('Origin ' );
183
183
184
+ if ($ origin === null ) {
185
+ return false ;
186
+ }
187
+
184
188
if (in_array ($ origin , $ this ->options ['allowedOrigins ' ])) {
185
189
return true ;
186
190
}
187
191
188
- /** @var string $pattern */
189
192
foreach ($ this ->options ['allowedOriginsPatterns ' ] as $ pattern ) {
190
193
if (preg_match ($ pattern , $ origin )) {
191
194
return true ;
@@ -219,7 +222,7 @@ private function configureAllowedOrigin(Response $response, Request $request): v
219
222
} else {
220
223
// For dynamic headers, set the requested Origin header when set and allowed
221
224
if ($ this ->isCorsRequest ($ request ) && $ this ->isOriginAllowed ($ request )) {
222
- $ response ->headers ->set ('Access-Control-Allow-Origin ' , $ request ->headers ->get ('Origin ' ));
225
+ $ response ->headers ->set ('Access-Control-Allow-Origin ' , ( string ) $ request ->headers ->get ('Origin ' ));
223
226
}
224
227
225
228
$ this ->varyHeader ($ response , 'Origin ' );
@@ -250,7 +253,7 @@ private function configureAllowedMethods(Response $response, Request $request):
250
253
private function configureAllowedHeaders (Response $ response , Request $ request ): void
251
254
{
252
255
if ($ this ->options ['allowAllHeaders ' ] === true ) {
253
- $ allowHeaders = $ request ->headers ->get ('Access-Control-Request-Headers ' );
256
+ $ allowHeaders = ( string ) $ request ->headers ->get ('Access-Control-Request-Headers ' );
254
257
$ this ->varyHeader ($ response , 'Access-Control-Request-Headers ' );
255
258
} else {
256
259
$ allowHeaders = implode (', ' , $ this ->options ['allowedHeaders ' ]);
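Review bot: The allow-list comparison in isOriginAllowed (first hunk) is still loose: `in_array($origin, $this->options['allowedOrigins'])` is called without the strict flag, so a non-string entry in the configured list (for example a boolean `true`) would compare equal to any non-empty Origin value. Now that the added null guard guarantees `$origin` is a string, the check can be made exact with `in_array($origin, $this->options['allowedOrigins'], true)`. Whether the options are normalised to strings elsewhere is not visible here, and the function's body continues past the end of the hunk. In the third hunk the `(string)` cast turns a missing `Access-Control-Request-Headers` into an empty string; a one-line comment stating that an empty value is acceptable there would help, since what happens to `$allowHeaders` afterwards lies outside the hunk.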