Skip to content

asm89/stack-cors

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
11 branches 18 tags
Code

Latest commit

@bradjones1
bradjones1 Update README to reflect 2.x changes and spec compatibility. (#101)
57bd918 Mar 13, 2023
Update README to reflect 2.x changes and spec compatibility. (#101) 
And some minor table formatting updates.
57bd918

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github/workflows
Remove 7.1
January 18, 2022 10:12
src
Re-support Symfony 4 and 5 (#99)
January 18, 2022 10:06
tests
Re-support Symfony 4 and 5 (#99)
January 18, 2022 10:06
.gitattributes
Update .gitattributes (#82)
August 15, 2020 14:50
.gitignore
Only support Symfony 6
January 3, 2022 16:44
CHANGELOG.md
Fix Access-Control-Allow-Origin null bug (#86)
March 11, 2021 07:32
LICENSE
Clarify LICENSE
April 10, 2017 20:19
README.md
Update README to reflect 2.x changes and spec compatibility. (#101)
March 13, 2023 21:10
composer.json
Remove 7.1
January 18, 2022 10:12
phpunit.xml.dist
Bump phpunit and PSR standards (#72)
April 18, 2020 15:07
Stack/Cors Installation Usage Options Example: using the library Example: using the stack middleware

README.md

Stack/Cors

Library and middleware enabling cross-origin resource sharing for your http-{foundation,kernel} using application. It attempts to implement the W3C Recommendation for cross-origin resource sharing.

Build status: .github/workflows/run-tests.yml

Installation

Require asm89/stack-cors using composer.

Usage

This package can be used as a library or as stack middleware.

Options

Option Description Default value
allowedMethods Matches the request method. []
allowedOrigins Matches the request origin. []
allowedOriginsPatterns Matches the request origin with preg_match. []
allowedHeaders Sets the Access-Control-Allow-Headers response header. []
exposedHeaders Sets the Access-Control-Expose-Headers response header. false
maxAge Sets the Access-Control-Max-Age response header.
Set to null to omit the header/use browser default.		 0
supportsCredentials Sets the Access-Control-Allow-Credentials header. false

The allowedMethods and allowedHeaders options are case-insensitive.

You don't need to provide both allowedOrigins and allowedOriginsPatterns. If one of the strings passed matches, it is considered a valid origin.

If ['*'] is provided to allowedMethods, allowedOrigins or allowedHeaders all methods / origins / headers are allowed.

If supportsCredentials is true, you must explicitly set allowedHeaders for any headers which are not CORS safelisted.

Example: using the library

<?php

use Asm89\Stack\CorsService;

$cors = new CorsService([
    'allowedHeaders'         => ['x-allowed-header', 'x-other-allowed-header'],
    'allowedMethods'         => ['DELETE', 'GET', 'POST', 'PUT'],
    'allowedOrigins'         => ['http://localhost'],
    'allowedOriginsPatterns' => ['/localhost:\d/'],
    'exposedHeaders'         => false,
    'maxAge'                 => 600,
    'supportsCredentials'    => true,
]);

$cors->addActualRequestHeaders(Response $response, $origin);
$cors->handlePreflightRequest(Request $request);
$cors->isActualRequestAllowed(Request $request);
$cors->isCorsRequest(Request $request);
$cors->isPreflightRequest(Request $request);

Example: using the stack middleware

<?php

use Asm89\Stack\Cors;

$app = new Cors($app, [
    // you can use ['*'] to allow any headers
    'allowedHeaders'      => ['x-allowed-header', 'x-other-allowed-header'],
    // you can use ['*'] to allow any methods
    'allowedMethods'      => ['DELETE', 'GET', 'POST', 'PUT'],
    // you can use ['*'] to allow requests from any origin
    'allowedOrigins'      => ['localhost'],
    // you can enter regexes that are matched to the origin request header
    'allowedOriginsPatterns' => ['/localhost:\d/'],
    'exposedHeaders'      => false,
    'maxAge'              => 600,
    'supportsCredentials' => false,
]);

About

Cross-origin resource sharing library and stack middleware.

Resources

Readme

License

MIT license

Stars

1.3k stars

Watchers

7 watching

Forks

54 forks
Report repository

Releases 14

v2.1.1 Latest
Jan 18, 2022
+ 13 releases

Packages

No packages published

Used by 698k

  • @chiaoshin
  • @rifqiahmadf
  • @kos2290
  • @elias-max
  • @QuantumBoy1010
  • @webcreation-dev
  • @ahmadmuhyiii
  • @CosmicBrainTech
+ 697,818

Contributors 18

+ 7 contributors

Languages