CorsPolicyInterface
Decides whether a cross-origin HTTP request to the live endpoint is allowed, and which CORS response headers to send back. Consulted by the HTTP transport layer before any component interaction is dispatched — this is a transport-level gate, independent of {@see InteractionAuthorizerInterface}'s per-action authorization.
CorsPolicyInterface::check()
abstract public function check(?string $origin, string $method, array $requestHeaders = []): Milpa\Live\ValueObjects\CorsDecisionEvaluates one request's CORS eligibility.
Parameters
| Name | Type | Description |
|---|---|---|
| $origin | (string | null) | The request's `Origin` header value, or `null`/empty for a same-origin (or non-browser) request. |
| $method | string | |
| $requestHeaders | array<int, string> | Header names the request declares it will send (e.g. from a preflight's `Access-Control-Request-Headers`). |
Returns
`allowed: false` means the caller MUST reject the request; `allowed: true` carries the response headers to attach.