Skip to content
/ php-cors-psr-7 Public
forked from fruitcake/php-cors

CORS (Cross-Origin Resource Sharing) for your PSR-7 requests

License

MIT license
0 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

elephox-dev/php-cors-psr-7

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

167 Commits
.github
.github
 
 
src
src
 
 
tests
tests
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 
phpunit.xml.dist
phpunit.xml.dist
 
 

Repository files navigation

CORS for PHP (using the PSR-7 HTTP message interfaces)

Unit Tests PHPStan Level 9 Code Coverage Packagist License Latest Stable Version Total Downloads Fruitcake

Library and middleware enabling cross-origin resource sharing. It attempts to implement the W3C Recommendation for cross-origin resource sharing.

Note: This is a standalone fork of https://github.com/asm89/stack-cors fork of https://github.com/fruitcake/php-cors and is compatible almost compatible with the options for CorsService.
You need to pass an instance of a PSR-17 HTTP message factory as the first argument. It is used to generate the CORS responses.

Installation

Require fruitcake/php-cors using composer, add this repository as a git source and choose the dev-feature/psr-7-rewrite version.

Usage

This package can be used as a library. You can use it in your framework using:

Options

Option Description Default value
allowedMethods Matches the request method. []
allowedOrigins Matches the request origin. []
allowedOriginsPatterns Matches the request origin with preg_match. []
allowedHeaders Sets the Access-Control-Allow-Headers response header. []
exposedHeaders Sets the Access-Control-Expose-Headers response header. []
maxAge Sets the Access-Control-Max-Age response header. 0
supportsCredentials Sets the Access-Control-Allow-Credentials header. false

The allowedMethods and allowedHeaders options are case-insensitive.

You don't need to provide both allowedOrigins and allowedOriginsPatterns. If one of the strings passed matches, it is considered a valid origin. A wildcard in allowedOrigins will be converted to a pattern.

If ['*'] is provided to allowedMethods, allowedOrigins or allowedHeaders all methods / origins / headers are allowed.

Note: Allowing a single static origin will improve cacheability.

Example: using the library

<?php

use Fruitcake\Cors\CorsService;

$cors = new CorsService(
  new PSR17Factory(),
  [
    'allowedHeaders'         => ['x-allowed-header', 'x-other-allowed-header'],
    'allowedMethods'         => ['DELETE', 'GET', 'POST', 'PUT'],
    'allowedOrigins'         => ['http://localhost', 'https://*.example.com'],
    'allowedOriginsPatterns' => ['/localhost:\d/'],
    'exposedHeaders'         => ['Content-Encoding'],
    'maxAge'                 => 0,
    'supportsCredentials'    => false,
  ]
);

$cors->addActualRequestHeaders(Response $response, $origin);
$cors->handlePreflightRequest(Request $request);
$cors->isActualRequestAllowed(Request $request);
$cors->isCorsRequest(Request $request);
$cors->isPreflightRequest(Request $request);

License

Released under the MIT License, see LICENSE.

This package is split-off from https://github.com/asm89/stack-cors and developed as stand-alone library since 2022

About

CORS (Cross-Origin Resource Sharing) for your PSR-7 requests

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PHP 100.0%