Download the PHP package phputil/cors without Composer
On this page you can find all versions of the php package phputil/cors. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Please rate this library. Is it a good library?
Informations about the package cors
phputil/cors
🔌 CORS middleware for phputil/router
- Unit-tested ✔
- Well-documented 📖
- Syntax compatible with expressjs/cors 🎯
Installation
Requires phputil/router v0.2.14+
Usage
Basic usage
API
$options
can be an array or an object from the class CorOptions
. All its keys/attributes are optional:
origin: bool|string|string[]
- Configures the response header
Access-Control-Allow-Origin
, which indicates the allowed origin. true
, the default value, reflects theOrigin
request header - that is, it allows any origin.false
makes it to return'*'
as the header value.- A non-empty
string
(e.g.'https://example.com'
) restricts the origin to the defined value. An origin must contain the protocol (e.g.http
/https
), and the port (e.g.:8080
) when the port is different from the default for the protocol (80
for http,443
for https). - A non-empty
array
indicates the list of allowed origins. - When the
Origin
request header is not sent and the optionorigin
istrue
, it will return*
- aiming to accept any origin (which may not work on httpS or using credentials). Other options will block the request. - Using
*
will probably not work when using credentials or httpS. Therefore, make sure to include the allowed origins.
Note: The status code returned for an origin that is not in the allowed list is 403
(Forbidden).
credentials: bool
- Configures the response header
Access-Control-Allow-Credentials
. true
, the default value, makes it to include the header.false
makes it to omit the header.- This option is needed if your application uses cookies or some kind of authentication header.
- Bonus tip: If you are using
fetch()
in your front-end (JavaScript), make sure to setcredentials: 'include'
(when cross-origin) orcredentials: 'same-origin
to your request options.
methods: string|string[]
- Configures the response header
Access-Control-Allow-Methods
. - The default value is
GET,HEAD,OPTIONS,POST,PUT,DELETE,PATCH
when the request headerAccess-Control-Request-Method
is not defined. - When the request header
Access-Control-Request-Method
is defined, the response headerAccess-Control-Allow-Methods
will return the received method, unless the optionmethods
is defined. - HTTP methods in a
string
must be separated by comma.
allowedHeaders: string|string[]
- Configures the response header
Access-Control-Allow-Headers
. - The default value is
'*'
, meaning to accept any request header. - The value
*
only counts as a special wildcard value for requests without credentials (e.g. cookies, authorization headers). Therefore, change it if your application needs credentials. - HTTP headers in a
string
must be separated by comma.
exposedHeaders: string|string[]
- Configures the response header
Access-Control-Expose-Headers
. - The default value is
''
(empty string), meaning to not include the header. - HTTP headers in a
string
must be separated by comma. - If your application needs credentials (e.g. cookies, authentication headers), you probably should configure it.
maxAge: int|null
- Configures the response header
Access-Control-Max-Age
. - The default value is
null
, meaning to not include the header. - An
int
value means the number of seconds that a preflight request can be cached (by the browser).
Example
Using an array:
Using the class CorOptions
, that has nestable builder methods with the prefix with
:
Additional examples
Accepting credentials (e.g. cookies) and cross-site requests from authorized domains:
License
Thiago Delgado Pinto
All versions of cors with dependencies
PHP Build Version
Package Version
No informations.
The package phputil/cors contains the following files
Loading the files please wait ....