Update CorsMiddleware.php - Workaround for OPTIONS method

README.md

@@ -2,6 +2,8 @@
 
 [![Build Status](https://travis-ci.org/ozee31/cakephp-cors.svg?branch=master)](https://travis-ci.org/ozee31/cakephp-cors)
 
+It's a pull request from [ozee31/cakephp-cors](https://github.com/ozee31/cakephp-cors).
+
 A CakePHP (4+) plugin for activate cors domain in your application with [Middleware](http://book.cakephp.org/3.0/en/controllers/middleware.html).
 
 [Learn more about CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)

composer.json

@@ -1,6 +1,6 @@
 {
     "name": "ozee31/cakephp-cors",
-    "description": "A CakePHP (3.3.x) plugin for activate cors domain in your application",
+    "description": "A CakePHP 4 plugin for activate cors domain in your application",
     "type": "cakephp-plugin",
     "require": {
         "php": ">=7.2.0",

src/Routing/Middleware/CorsMiddleware.php

@@ -6,6 +6,7 @@
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use Cake\Http\Response;
 
 class CorsMiddleware implements MiddlewareInterface
 {
@@ -16,7 +17,20 @@ class CorsMiddleware implements MiddlewareInterface
      */
     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
-        $response = $handler->handle($request);
+        if (strtoupper($request->getMethod()) === 'OPTIONS') {
+            if (!array_intersect($request->getHeader("Access-Control-Request-Method"), Configure::read('Cors.AllowMethods'))) {
+                $response =  new Response([
+                    'status' => 403,
+                    'body' => 'Method Forbidden'
+                ]);
+            } else {
+                $response =  new Response([
+                    'status' => 200
+                ]);
+            }
+        } else {
+            $response = $handler->handle($request);
+        }
 
         $response = $this->addHeaders($request, $response);