slim-cors-middleware (Slim v3.x)
A middleware to handle CORS for multiple domains using Slim. "Access-Control-Allow-Origin" only accepts one domain or a wildcard. This makes it troublesome if you want to allow different domains access to your API. In order to allow access to multiple domains, you either need to create an .htaccess/Apache rule:
<FilesMatch "\.(ttf|otf|eot|woff|js|css|woff2)$">
<IfModule mod_headers.c>
SetEnvIf Origin "^http(s)?:\/\/(www\.|dev\.|local\.)?(domain\.com|domain2\.com)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
</IfModule>
</FilesMatch>
Or you have to use a wildcard. It's an all or very restrictive approach, which encourages most devs to opt for the very easy wildcard '*' approach.
Access-Control-Allow-Origin: *
This middleware will detect the origin of a request. If it's within the allowed list, it will set the proper "Access-Control-Allow-Origin" value for that domain, as well as restrict the methods it has access to.
Access-Control-Allow-Origin: https://client.domain.com
You can either download manually or use composer.
composer require eko3alpha/slim-cors-middleware
$app = new \Slim\App();
$app->add(new \Eko3alpha\Slim\Middleware\CorsMiddleware([
'https://dev.domain1.com' => ['GET', 'POST'],
'https://dev.domain2.com' => ['GET', 'POST'],
'https://dev.domain3.com' => ['GET']
]));
This middleware allows you to add method restrictions on a per-domain basis. Below are some examples of valid configuration options. HTTP and HTTPS are considered 2 different origins.
One entry with a wildcard. This will give GET access to all domains requesting resources:
$app->add(new \Eko3alpha\Slim\Middleware\CorsMiddleware([
'*' => 'GET'
]));
This will give GET, POST and DELETE access to both http and https versions of api.domain.com. You can use either a string value or an array.
$app->add(new \Eko3alpha\Slim\Middleware\CorsMiddleware([
'http://client.domain.com' => 'GET, POST, DELETE',
'https://client.domain.com' => ['GET', 'POST', 'DELETE']
]));
You can either choose to have your methods as an array ['GET', 'POST'] or string 'GET, POST'.
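The origin check and the string/array method formats described above, written out in plain PHP as an added illustration; this is not the package's own source. The function name `resolveCorsHeaders`, the sample origins, and the `Vary: Origin` header are assumptions of this example.

```php
<?php
// Added illustration, not the package's source. The function name and the
// sample origins below are hypothetical.

/**
 * Resolve CORS response headers for one request against a per-origin
 * method allow-list shaped like the configuration arrays on this page.
 */
function resolveCorsHeaders(array $allowed, ?string $origin): array
{
    if ($origin === null || $origin === '') {
        return [];                  // no Origin header: nothing to add
    }

    if (array_key_exists($origin, $allowed)) {
        $allowOrigin = $origin;     // exact match, so http and https differ
        $methods     = $allowed[$origin];
    } elseif (array_key_exists('*', $allowed)) {
        $allowOrigin = '*';
        $methods     = $allowed['*'];
    } else {
        return [];                  // origin not listed: emit no CORS headers
    }

    // Accept both 'GET, POST' and ['GET', 'POST'].
    if (is_string($methods)) {
        $methods = explode(',', $methods);
    }
    $methods = array_map('strtoupper', array_map('trim', $methods));

    $headers = [
        'Access-Control-Allow-Origin'  => $allowOrigin,
        'Access-Control-Allow-Methods' => implode(', ', $methods),
    ];
    if ($allowOrigin !== '*') {
        // The value now varies per request, so caches must key on Origin.
        $headers['Vary'] = 'Origin';
    }
    return $headers;
}

// Constructed sample configuration and requests.
$config = [
    'https://client.domain.com' => ['GET', 'POST'],
    'http://client.domain.com'  => 'GET',
];
var_dump(resolveCorsHeaders($config, 'https://client.domain.com'));
var_dump(resolveCorsHeaders($config, 'https://other.example'));
```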
You can use Slim's container to hold the configuration if you prefer to have your configuration in a separate file.
$container = new Slim\Container;
.
.
.
$container['cors'] = ['*' => 'GET, POST'];
.
.
.
$app->add(new \Eko3alpha\Slim\Middleware\CorsMiddleware($container['cors']));