Phpstan level8 (#3)

barryvdh · web-flow · commit ed3e6217de11 · 2022-02-19T11:54:08.000+01:00
* Bump to 8, fix cast for origin

* Check origin

* Explicit cast
diff --git a/composer.json b/composer.json
@@ -32,7 +32,7 @@
     },
     "scripts": {
         "test": "phpunit",
-        "analyse": "phpstan analyse src tests --level=7",
+        "analyse": "phpstan analyse src tests --level=8",
         "check-style": "phpcs -p --standard=PSR12 --exclude=Generic.Files.LineLength --runtime-set ignore_errors_on_exit 1 --runtime-set ignore_warnings_on_exit 1 src tests",
         "fix-style": "phpcbf -p --standard=PSR12 --exclude=Generic.Files.LineLength --runtime-set ignore_errors_on_exit 1 --runtime-set ignore_warnings_on_exit 1 src tests"
     },
diff --git a/src/CorsService.php b/src/CorsService.php
@@ -181,11 +181,14 @@ public function isOriginAllowed(Request $request): bool
 
         $origin = $request->headers->get('Origin');
 
+        if ($origin === null) {
+            return false;
+        }
+
         if (in_array($origin, $this->options['allowedOrigins'])) {
             return true;
         }
 
-        /** @var string $pattern */
         foreach ($this->options['allowedOriginsPatterns'] as $pattern) {
             if (preg_match($pattern, $origin)) {
                 return true;
@@ -219,7 +222,7 @@ private function configureAllowedOrigin(Response $response, Request $request): v
         } else {
             // For dynamic headers, set the requested Origin header when set and allowed
             if ($this->isCorsRequest($request) && $this->isOriginAllowed($request)) {
-                $response->headers->set('Access-Control-Allow-Origin', $request->headers->get('Origin'));
+                $response->headers->set('Access-Control-Allow-Origin', (string) $request->headers->get('Origin'));
             }
 
             $this->varyHeader($response, 'Origin');
@@ -250,7 +253,7 @@ private function configureAllowedMethods(Response $response, Request $request):
     private function configureAllowedHeaders(Response $response, Request $request): void
     {
         if ($this->options['allowAllHeaders'] === true) {
-            $allowHeaders = $request->headers->get('Access-Control-Request-Headers');
+            $allowHeaders = (string) $request->headers->get('Access-Control-Request-Headers');
             $this->varyHeader($response, 'Access-Control-Request-Headers');
         } else {
             $allowHeaders = implode(', ', $this->options['allowedHeaders']);
