PHP download

Download the PHP package zfr/zfr-cors without Composer

On this page you can find all versions of the php package zfr/zfr-cors. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download zfr/zfr-cors
More information about zfr/zfr-cors
Files in zfr/zfr-cors

Vendor zfr
Package zfr-cors
Short Description Zend Framework module that let you deal with CORS requests
License MIT
Homepage https://github.com/zf-fr/zfr-cors

Keywords rest cors zf2 Zend Framework cross origin sharing resource

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of zfr/zfr-cors

Informations about the package zfr-cors

ZfrCors

ZfrCors is a simple ZF2 module that helps you to deal with Cross-Origin Resource Sharing (CORS).

What is ZfrCors ?

ZfrCors is a Zend Framework 2 module that allow to easily configure your ZF 2 application so that it automatically builds HTTP responses that follow the CORS documentation.

Installation

Install the module by typing (or add it to your composer.json file):

Then, enable it by adding "ZfrCors" in your application.config.php file.

By default, ZfrCors is configured to deny every CORS requests. To change that, you need to copy the config/zfr_cors.global.php.dist file to your autoload folder (remove the .dist extension), and modify it to suit your needs.

Documentation

What is CORS ?

CORS is a mechanism that allows to perform cross-origin requests from your browser.

For instance, let's say that your website is hosted in the domain http://example.com. By default, user agents won't be allowed to perform AJAX requests to another domain for security reasons (for instance http://funny-domain.com).

With CORS, you can allow your server to reply to such requests.

You can find better documentation on how CORS works on the web:

Event registration

ZfrCors registers the ZfrCors\Mvc\CorsRequestListener with the MvcEvent::EVENT_ROUTE event, with a priority of -1. This means that this listener is executed AFTER the route has been matched.

Configuring the module

As by default, all the various options are set globally for all routes:

allowed_origins: (array) List of allowed origins. To allow any origin, you can use the wildcard (*) character. If multiple origins are specified, ZfrCors will automatically check the "Origin" header's value, and only return the allowed domain (if any) in the "Allow-Access-Control-Origin" response header. To allow any sub-domain, you can prefix the domain with the wildcard character (i.e. *.example.com). Please note that you don't need to add your host URI (so if your website is hosted as "example.com", "example.com" is automatically allowed.
allowed_methods: (array) List of allowed HTTP methods. Those methods will be returned for the preflight request to indicate which methods are allowed to the user agent. You can even specify custom HTTP verbs.
allowed_headers: (array) List of allowed headers that will be returned for the preflight request. This indicates to the user agent which headers are permitted to be sent when doing the actual request.
max_age: (int) Maximum age (seconds) the preflight request should be cached by the user agent. This prevents the user agent from sending a preflight request for each request.
exposed_headers: (array) List of response headers that are allowed to be read in the user agent. Please note that some browsers do not implement this feature correctly.
allowed_credentials: (boolean) If true, it allows the browser to send cookies along with the request.

If you want to configure specific routes, you can add ZfrCors\Options\CorsOptions::ROUTE_PARAM to your route configuration:

Preflight request

If ZfrCors detects a preflight CORS request, a new HTTP response will be created, and ZfrCors will send the appropriate headers according to your configuration. The response will be always sent with a 200 status code (OK).

Please note that this will also prevent further MVC steps from being executed, since all subsequent MVC steps are skipped till Zend\Mvc\MvcEvent::EVENT_FINISH, which is responsible for actually sending the response.

Actual request

When an actual request is made, ZfrCors first checks it the origin is allowed. If it is not, then a new response with a 403 status code (Forbidden) is created and sent.

If the origin is allowed, ZfrCors will just add the appropriate headers to the request produced by Zend\Mvc.

Security concerns

Don't use this module to secure your application! You must use a proper authorization module, like BjyAuthorize, ZfcRbac or SpiffyAuthorize.

ZfrCors only allows to accept or refuse a cross-origin request.

Custom schemes

Internally, ZfrCors uses Zend\Uri\UriFactory class. If you are using custom schemes (for instance if you are testing your API with some Google Chrome extensions), you need to add support for those schemes by adding them to the UriFactory config (please refer to the doc).

Example

To register the chrome-extension custom scheme in your API, simply add:

to the onBootstrap() method in module/Application/Module.php. Do note that, if your IDE doesn't resolve this automatically, you should add the following use definition to the same file:

Registering the chrome-extension custom scheme like this allows you to use Google Chrome extensions for testing your API.

All versions of zfr-cors with dependencies

PHP Build Version

Package Version

Version v2.0.0 Release 18. Jun 2019
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of zfr-cors from vendor zfr

Requires php Version ^7.1
zendframework/zend-eventmanager Version ^2.6.4 || ^3.2.1
zendframework/zend-http Version ^2.10
zendframework/zend-mvc Version ^2.7.15 || ^3.1.1
zendframework/zend-servicemanager Version ^2.7.9 || ^3.4.0

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package zfr/zfr-cors contains the following files

Loading the files please wait ....