createServerRequest('GET', '/health') ->withHeader('Origin', 'http://localhost/retribusi'); $response1 = $responseFactory->createResponse(200); $response1->getBody()->write(json_encode(['status' => 'ok'])); $middleware = new CorsMiddleware(); $handler = new class($response1) implements \Psr\Http\Server\RequestHandlerInterface { private $response; public function __construct($response) { $this->response = $response; } public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface { return $this->response; } }; $result1 = $middleware->process($request1, $handler); echo " Response headers:\n"; foreach ($result1->getHeaders() as $name => $values) { if (str_starts_with(strtolower($name), 'access-control-')) { echo " - $name: " . implode(', ', $values) . "\n"; } } // Test 2: Origin yang tidak ada di .env echo "\nTest 2: Origin 'http://example.com' (tidak ada di .env):\n"; $request2 = $requestFactory->createServerRequest('GET', '/health') ->withHeader('Origin', 'http://example.com'); $response2 = $responseFactory->createResponse(200); $handler2 = new class($response2) implements \Psr\Http\Server\RequestHandlerInterface { private $response; public function __construct($response) { $this->response = $response; } public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface { return $this->response; } }; $result2 = $middleware->process($request2, $handler2); echo " Response headers:\n"; $hasCorsHeaders = false; foreach ($result2->getHeaders() as $name => $values) { if (str_starts_with(strtolower($name), 'access-control-')) { $hasCorsHeaders = true; echo " - $name: " . implode(', ', $values) . "\n"; } } if (!$hasCorsHeaders) { echo " ⚠️ No CORS headers found (expected if origin not allowed)\n"; } // Test 3: OPTIONS request (preflight) echo "\nTest 3: OPTIONS request (preflight):\n"; $request3 = $requestFactory->createServerRequest('OPTIONS', '/health') ->withHeader('Origin', 'http://localhost/retribusi'); $response3 = $responseFactory->createResponse(200); $handler3 = new class($response3) implements \Psr\Http\Server\RequestHandlerInterface { private $response; public function __construct($response) { $this->response = $response; } public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface { return $this->response; } }; $result3 = $middleware->process($request3, $handler3); echo " Status code: " . $result3->getStatusCode() . "\n"; echo " Response headers:\n"; foreach ($result3->getHeaders() as $name => $values) { if (str_starts_with(strtolower($name), 'access-control-')) { echo " - $name: " . implode(', ', $values) . "\n"; } } echo "\n=== Test Complete ===\n"; echo "\nJika Test 1 tidak ada CORS headers, kemungkinan:\n"; echo "1. PHP-FPM belum di-restart setelah perubahan code\n"; echo "2. Opcache masih cache code lama (clear opcache)\n"; echo "3. Check error log: tail -f /www/wwwlogs/api.btekno.cloud.error.log\n";