Cross-origin resource sharing library for the Symfony HttpFoundation

fruitcake/php-cors image

fruitcake/php-cors stats

Downloads
48.5M
Stars
161
Open Issues
3
Forks
10

View on GitHub →

Fruitcake Php-cors Readme


CORS for PHP (using the Symfony HttpFoundation)

Library and middleware enabling cross-origin resource sharing for your http-{foundation,kernel} using application. It attempts to implement the W3C Recommendation for cross-origin resource sharing.

Note: This is a standalone fork of https://github.com/asm89/stack-cors and is compatible with the options for CorsService.

Installation

Require fruitcake/php-cors using composer.

Usage

This package can be used as a library. You can use it in your framework using:

Options

Option Description Default value
allowedMethods Matches the request method. []
allowedOrigins Matches the request origin. []
allowedOriginsPatterns Matches the request origin with preg_match. []
allowedHeaders Sets the Access-Control-Allow-Headers response header. []
exposedHeaders Sets the Access-Control-Expose-Headers response header. []
maxAge Sets the Access-Control-Max-Age response header. 0
supportsCredentials Sets the Access-Control-Allow-Credentials header. false

The allowedMethods and allowedHeaders options are case-insensitive.

You don't need to provide both allowedOrigins and allowedOriginsPatterns. If one of the strings passed matches, it is considered a valid origin. A wildcard in allowedOrigins will be converted to a pattern.

If ['*'] is provided to allowedMethods, allowedOrigins or allowedHeaders all methods / origins / headers are allowed.

Note: Allowing a single static origin will improve cacheability.

Example: using the library

<?php
 
use Fruitcake\Cors\CorsService;
 
$cors = new CorsService([
'allowedHeaders' => ['x-allowed-header', 'x-other-allowed-header'],
'allowedMethods' => ['DELETE', 'GET', 'POST', 'PUT'],
'allowedOrigins' => ['http://localhost', 'https://*.example.com'],
'allowedOriginsPatterns' => ['/localhost:\d/'],
'exposedHeaders' => ['Content-Encoding'],
'maxAge' => 0,
'supportsCredentials' => false,
]);
 
$cors->addActualRequestHeaders(Response $response, $origin);
$cors->handlePreflightRequest(Request $request);
$cors->isActualRequestAllowed(Request $request);
$cors->isCorsRequest(Request $request);
$cors->isPreflightRequest(Request $request);

License

Released under the MIT License, see LICENSE.

This package is split-off from https://github.com/asm89/stack-cors and developed as stand-alone library since 2022

fruitcake photo

Your #1 dev team


Fruitcake Php Cors Related Articles

Diving into Cross-Origin Resource Sharing image

Diving into Cross-Origin Resource Sharing

Read article
Laravel 9.2 Released image

Laravel 9.2 Released

Read article
No Compromises logo

No Compromises

Joel and Aaron, the two seasoned devs from the No Compromises podcast, are now available to hire for your Laravel project. ⬧ Flat rate of $7500/mo. ⬧ No lengthy sales process. ⬧ No contracts. ⬧ 100% money back guarantee.

No Compromises
Lunar: Laravel E-Commerce logo

Lunar: Laravel E-Commerce

E-Commerce for Laravel. An open-source package that brings the power of modern headless e-commerce functionality to Laravel.

Lunar: Laravel E-Commerce
LaraJobs logo

LaraJobs

The official Laravel job board

LaraJobs
Bacancy logo

Bacancy

Supercharge your project with a seasoned Laravel developer with 4-6 years of experience for just $2500/month. Get 160 hours of dedicated expertise & a risk-free 15-day trial. Schedule a call now!

Bacancy
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
Lucky Media logo

Lucky Media

Bespoke software solutions built for your business. We ♥ Laravel

Lucky Media