ENGCOM-7751: GraphQL CORS Headers #28713

 - Merge Pull Request #28713 from michalderlatka/magento2:28561_graphql_cors_requests
 - Merged commits:
   1. 50635d9
   2. b79c484
   3. 69cb58c
   4. 5ba8fd7
   5. c3def13
   6. e82cca4
   7. 64b4228
   8. 88840a7

Author: magento-engcom-team

app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowCredentialsHeaderProvider.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller\HttpResponse\Cors;
+
+use Magento\Framework\App\Response\HeaderProvider\HeaderProviderInterface;
+use Magento\GraphQl\Model\Cors\ConfigurationInterface;
+
+/**
+ * Provides value for Access-Control-Allow-Credentials header if CORS is enabled
+ */
+class CorsAllowCredentialsHeaderProvider implements HeaderProviderInterface
+{
+    /**
+     * @var string
+     */
+    private $headerName;
+
+    /**
+     * CORS configuration provider
+     *
+     * @var \Magento\GraphQl\Model\Cors\ConfigurationInterface
+     */
+    private $corsConfiguration;
+
+    /**
+     * @param ConfigurationInterface $corsConfiguration
+     * @param string $headerName
+     */
+    public function __construct(
+        ConfigurationInterface $corsConfiguration,
+        string $headerName
+    ) {
+        $this->corsConfiguration = $corsConfiguration;
+        $this->headerName = $headerName;
+    }
+
+    /**
+     * Get name of header
+     *
+     * @return string
+     */
+    public function getName(): string
+    {
+        return $this->headerName;
+    }
+
+    /**
+     * Get value for header
+     *
+     * @return string
+     */
+    public function getValue(): string
+    {
+        return "1";
+    }
+
+    /**
+     * Check if header can be applied
+     *
+     * @return bool
+     */
+    public function canApply(): bool
+    {
+        return $this->corsConfiguration->isEnabled() && $this->corsConfiguration->isCredentialsAllowed();
+    }
+}

app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowHeadersHeaderProvider.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller\HttpResponse\Cors;
+
+use Magento\Framework\App\Response\HeaderProvider\HeaderProviderInterface;
+use Magento\GraphQl\Model\Cors\ConfigurationInterface;
+
+/**
+ * Provides value for Access-Control-Allow-Headers header if CORS is enabled
+ */
+class CorsAllowHeadersHeaderProvider implements HeaderProviderInterface
+{
+    /**
+     * @var string
+     */
+    private $headerName;
+
+    /**
+     * CORS configuration provider
+     *
+     * @var \Magento\GraphQl\Model\Cors\ConfigurationInterface
+     */
+    private $corsConfiguration;
+
+    /**
+     * @param ConfigurationInterface $corsConfiguration
+     * @param string $headerName
+     */
+    public function __construct(
+        ConfigurationInterface $corsConfiguration,
+        string $headerName
+    ) {
+        $this->corsConfiguration = $corsConfiguration;
+        $this->headerName = $headerName;
+    }
+
+    /**
+     * Get name of header
+     *
+     * @return string
+     */
+    public function getName(): string
+    {
+        return $this->headerName;
+    }
+
+    /**
+     * Check if header can be applied
+     *
+     * @return bool
+     */
+    public function canApply(): bool
+    {
+        return $this->corsConfiguration->isEnabled() && $this->getValue();
+    }
+
+    /**
+     * Get value for header
+     *
+     * @return string|null
+     */
+    public function getValue(): ?string
+    {
+        return $this->corsConfiguration->getAllowedHeaders();
+    }
+}

app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowMethodsHeaderProvider.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller\HttpResponse\Cors;
+
+use Magento\Framework\App\Response\HeaderProvider\HeaderProviderInterface;
+use Magento\GraphQl\Model\Cors\ConfigurationInterface;
+
+/**
+ * Provides value for Access-Control-Allow-Methods header if CORS is enabled
+ */
+class CorsAllowMethodsHeaderProvider implements HeaderProviderInterface
+{
+    /**
+     * @var string
+     */
+    private $headerName;
+
+    /**
+     * CORS configuration provider
+     *
+     * @var \Magento\GraphQl\Model\Cors\ConfigurationInterface
+     */
+    private $corsConfiguration;
+
+    /**
+     * @param ConfigurationInterface $corsConfiguration
+     * @param string $headerName
+     */
+    public function __construct(
+        ConfigurationInterface $corsConfiguration,
+        string $headerName
+    ) {
+        $this->corsConfiguration = $corsConfiguration;
+        $this->headerName = $headerName;
+    }
+
+    /**
+     * Get name of header
+     *
+     * @return string
+     */
+    public function getName(): string
+    {
+        return $this->headerName;
+    }
+
+    /**
+     * Check if header can be applied
+     *
+     * @return bool
+     */
+    public function canApply(): bool
+    {
+        return $this->corsConfiguration->isEnabled() && $this->getValue();
+    }
+
+    /**
+     * Get value for header
+     *
+     * @return string|null
+     */
+    public function getValue(): ?string
+    {
+        return $this->corsConfiguration->getAllowedMethods();
+    }
+}

app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsAllowOriginHeaderProvider.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller\HttpResponse\Cors;
+
+use Magento\Framework\App\Response\HeaderProvider\HeaderProviderInterface;
+use Magento\GraphQl\Model\Cors\ConfigurationInterface;
+
+/**
+ * Provides value for Access-Control-Allow-Origin header if CORS is enabled
+ */
+class CorsAllowOriginHeaderProvider implements HeaderProviderInterface
+{
+    /**
+     * @var string
+     */
+    private $headerName;
+
+    /**
+     * CORS configuration provider
+     *
+     * @var \Magento\GraphQl\Model\Cors\ConfigurationInterface
+     */
+    private $corsConfiguration;
+
+    /**
+     * @param ConfigurationInterface $corsConfiguration
+     * @param string $headerName
+     */
+    public function __construct(
+        ConfigurationInterface $corsConfiguration,
+        string $headerName
+    ) {
+        $this->corsConfiguration = $corsConfiguration;
+        $this->headerName = $headerName;
+    }
+
+    /**
+     * Get name of header
+     *
+     * @return string
+     */
+    public function getName(): string
+    {
+        return $this->headerName;
+    }
+
+    /**
+     * Check if header can be applied
+     *
+     * @return bool
+     */
+    public function canApply(): bool
+    {
+        return $this->corsConfiguration->isEnabled() && $this->getValue();
+    }
+
+    /**
+     * Get value for header
+     *
+     * @return string|null
+     */
+    public function getValue(): ?string
+    {
+        return $this->corsConfiguration->getAllowedOrigins();
+    }
+}

app/code/Magento/GraphQl/Controller/HttpResponse/Cors/CorsMaxAgeHeaderProvider.php

@@ -0,0 +1,71 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\GraphQl\Controller\HttpResponse\Cors;
+
+use Magento\Framework\App\Response\HeaderProvider\HeaderProviderInterface;
+use Magento\GraphQl\Model\Cors\ConfigurationInterface;
+
+/**
+ * Provides value for Access-Control-Max-Age header if CORS is enabled
+ */
+class CorsMaxAgeHeaderProvider implements HeaderProviderInterface
+{
+    /**
+     * @var string
+     */
+    private $headerName;
+
+    /**
+     * CORS configuration provider
+     *
+     * @var \Magento\GraphQl\Model\Cors\ConfigurationInterface
+     */
+    private $corsConfiguration;
+
+    /**
+     * @param ConfigurationInterface $corsConfiguration
+     * @param string $headerName
+     */
+    public function __construct(
+        ConfigurationInterface $corsConfiguration,
+        string $headerName
+    ) {
+        $this->corsConfiguration = $corsConfiguration;
+        $this->headerName = $headerName;
+    }
+
+    /**
+     * Get name of header
+     *
+     * @return string
+     */
+    public function getName(): string
+    {
+        return $this->headerName;
+    }
+
+    /**
+     * Check if header can be applied
+     *
+     * @return bool
+     */
+    public function canApply(): bool
+    {
+        return $this->corsConfiguration->isEnabled() && $this->getValue();
+    }
+
+    /**
+     * Get value for header
+     *
+     * @return string|null
+     */
+    public function getValue(): ?string
+    {
+        return (string) $this->corsConfiguration->getMaxAge();
+    }
+}