bugfix: handle unhandled InvalidOriginValueException

For origins resulting in `InvalidOriginValueException`, we can assume that these are actual CORS requests. If these are made from unsupported origins, we should treat these as unauthorized requests.

Signed-off-by: Maximilian Bösing <[email protected]>

src/Middleware/CorsMiddleware.php

@@ -4,6 +4,7 @@
 
 namespace Mezzio\Cors\Middleware;
 
+use Mezzio\Cors\Exception\InvalidOriginValueException;
 use Mezzio\Cors\Middleware\Exception\InvalidConfigurationException;
 use Mezzio\Cors\Service\ConfigurationLocatorInterface;
 use Mezzio\Cors\Service\CorsInterface;
@@ -46,11 +47,18 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
             throw InvalidConfigurationException::fromInvalidPipelineConfiguration();
         }
 
-        if (! $this->cors->isCorsRequest($request)) {
+        try {
+            $isCorsRequest = $this->cors->isCorsRequest($request);
+        } catch (InvalidOriginValueException $exception) {
+            return $this->responseFactory->unauthorized($exception->origin);
+        }
+
+        if (! $isCorsRequest) {
             return $this->vary($handler->handle($request));
         }
 
         $metadata = $this->cors->metadata($request);
+
         if ($this->cors->isPreflightRequest($request)) {
             return $this->preflight($metadata) ?? $handler->handle($request);
         }