<?phpnamespace App\EventSubscriber;use Symfony\Component\EventDispatcher\EventSubscriberInterface;use Symfony\Component\HttpKernel\Event\ResponseEvent;use Symfony\Component\HttpKernel\KernelEvents;class CorsSubscriber implements EventSubscriberInterface{ public static function getSubscribedEvents(): array { return [ KernelEvents::RESPONSE => 'onKernelResponse', ]; } public function onKernelResponse(ResponseEvent $event): void { $request = $event->getRequest(); $response = $event->getResponse(); if (strpos($request->getPathInfo(), '/acc/api/') === 0) { $origin = $request->headers->get('Origin', $request->getSchemeAndHttpHost()); $response->headers->set('Access-Control-Allow-Origin', $origin); $response->headers->set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS'); $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, Accept, X-Requested-With, Authorization'); $response->headers->set('Access-Control-Allow-Credentials', 'true'); $exposeHeaders = ['X-Access-Login', 'X-Access-Email', 'X-Access-Token', 'X-Access-Avatar']; $existingHeaders = []; foreach ($exposeHeaders as $header) { if ($response->headers->has($header)) { $existingHeaders[] = $header; } } if (!empty($existingHeaders)) { $response->headers->set( 'Access-Control-Expose-Headers', implode(', ', $existingHeaders) ); } else { $response->headers->set( 'Access-Control-Expose-Headers', 'X-Access-Login, X-Access-Email, X-Access-Token, X-Access-Agency, X-Access-Onsite, X-Access-Avatar' ); } } $currentLocale = $request->getLocale(); $response->headers->set('x-ip-country', strtoupper($currentLocale)); }}