Cross-origin resource sharing library for the Symfony HttpFoundation

#CORS for PHP by Fruitcake

The fruitcake/php-cors package provides a robust solution for enabling Cross-Origin Resource Sharing (CORS) in applications using PHP's Symfony HttpFoundation. This library is essential for developers needing to manage CORS policies efficiently to allow or restrict resources shared between different origins.

#Key Features

• Flexible CORS Rules: Define which HTTP methods, headers, and origins are allowed.
• Pattern Matching: Utilize regular expressions to define allowed origins.
• Support for Credentials: Control whether to expose credentials.
• Configurable Response Headers: Set headers for exposed headers and maximum cache age.
• High Compatibility: Works seamlessly as middleware for StackPHP and can be integrated into Laravel through an additional package.

#Installation

Install the package via Composer:

composer require fruitcake/php-cors

#Usage

#Basic Configuration

You can easily integrate CORS handling within your application by configuring the following options:

• allowedMethods: Specify which HTTP methods are permitted.
• allowedOrigins: Define which origins can access the resources.
• allowedHeaders: Set specific headers that can be used during the request.
• exposedHeaders: Decide which headers are exposed in the response.
• maxAge: Determine the time for which the response is considered valid.
• supportsCredentials: Enable or disable cookies and authentication data.

#Practical Example

Here’s how you can set up the CORS service in your PHP application:

use Fruitcake\Cors\CorsService;
 
$cors = new CorsService([
    'allowedHeaders' => ['x-allowed-header', 'x-other-allowed-header'],
    'allowedMethods' => ['DELETE', 'GET', 'POST', 'PUT'],
    'allowedOrigins' => ['http://localhost', 'https://*.example.com'],
    'exposedHeaders' => ['Content-Encoding'],
    'maxAge' => 0,
    'supportsCredentials' => false,
]);
 
$response = new Response();
$cors->addActualRequestHeaders($response, $origin);

#Advanced Handling

The package also provides methods to handle preflight requests and check if a request is allowed under the defined CORS policy.

#License

This package is released under the MIT License.

For developers looking to implement CORS in their PHP applications effectively, fruitcake/php-cors offers a powerful, flexible solution that is easy to integrate and configure. Whether you are developing a simple site or a complex RESTful service, this package is designed to meet your CORS requirements.