Skip to content
/ magento-2-cors-requests Public
forked from splashlab/magento-2-cors-requests

Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain

License

OSL-3.0 license
0 stars 30 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

electrobayan/magento-2-cors-requests

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
Api
Api
 
 
Model
Model
 
 
Plugin
Plugin
 
 
etc
etc
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
registration.php
registration.php
 
 

Repository files navigation

Magento 2 CORS Cross-Domain Requests by SplashLab

This module allows you to enable Cross-Origin Resource Sharing (CORS) REST API requests in Magento 2 by adding the appropriate HTTP headers and handling the pre-flight OPTIONS requests.

This can be used to allow AJAX and other requests to the Magento 2 REST API from another domain (or subdomain).

How to install

1. via composer

composer require electrobayan/magento-2-cors-requests

OR

Edit composer.json

{
    "require": {
        "splashlab/magento-2-cors-requests": "100.0.7"
    }
}

composer install/update
php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy

2. Copy and paste

Download latest version from GitHub

Paste into app/code/SplashLab/CorsRequests directory

php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy

3. Update Origin URL

In Stores -> Configuration, go to General -> Web -> CORS Requests Configuration.

Then edit the the CORS Origin Url field to the domain you want to enable cross-domain requests from. (i.e. http://example.com)

How does it work?

The full implementation of CORS cross-domain HTTP requests is outside the scope of this README, but this is what this module does:

  1. Allows onfigureing an Origin Url in the Admin Configuration area - this is the domain which cross-domain requests are permitted from
  2. This domain is added to a Access-Control-Allow-Origin response HTTP header
  3. Optionally you can enable the Access-Control-Allow-Credentials header as well, to enable passing cookies

For non-GET and non-standard-POST requests (i.e. PUT and DELETE), the "pre-flight check" OPTIONS request is handled by:

  1. An empty /V1/cors/check API response with the appropriate headers:
  2. Access-Control-Allow-Methods response header, which mirrors the Access-Control-Request-Method request header
  3. Access-Control-Allow-Headers response header, which mirrors the Access-Control-Request-Headers request header

Alternative Solutions

You can also manage these CORS headers with Apache and Nginx rules, instead of using this extension:

But I created this extension to allow you to configure the Origin domain the Admin Configuration, and to avoid having to create and manage special server configuration.

CORS Cross-Domain Request References

About

Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain

Resources

Readme

License

OSL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

Version 100.0.7 Latest
May 19, 2022

Packages

No packages published

Languages

  • PHP 100.0%