{"id":19692211,"url":"https://github.com/getgrav/grav-plugin-cors","last_synced_at":"2026-01-23T13:48:05.413Z","repository":{"id":143186856,"uuid":"65349616","full_name":"getgrav/grav-plugin-cors","owner":"getgrav","description":"Grav CORS Plugin","archived":false,"fork":false,"pushed_at":"2019-08-28T18:22:49.000Z","size":9,"stargazers_count":2,"open_issues_count":1,"forks_count":2,"subscribers_count":4,"default_branch":"develop","last_synced_at":"2025-10-22T06:37:05.641Z","etag":null,"topics":["ajax","cors","cors-request","grav","grav-plugin"],"latest_commit_sha":null,"homepage":"https://getgrav.org","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/getgrav.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2016-08-10T04:07:13.000Z","updated_at":"2021-03-31T04:39:59.000Z","dependencies_parsed_at":"2023-07-05T19:15:46.605Z","dependency_job_id":null,"html_url":"https://github.com/getgrav/grav-plugin-cors","commit_stats":{"total_commits":8,"total_committers":4,"mean_commits":2.0,"dds":0.625,"last_synced_commit":"ae5c99fe45b3ab4d75f909dc392b5ba933632566"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/getgrav/grav-plugin-cors","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getgrav%2Fgrav-plugin-cors","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getgrav%2Fgrav-plugin-cors/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getgrav%2Fgrav-plugin-cors/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getgrav%2Fgrav-plugin-cors/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/getgrav","download_url":"https://codeload.github.com/getgrav/grav-plugin-cors/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/getgrav%2Fgrav-plugin-cors/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28693331,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T11:01:27.039Z","status":"ssl_error","status_checked_at":"2026-01-23T11:00:26.909Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ajax","cors","cors-request","grav","grav-plugin"],"created_at":"2024-11-11T19:12:38.501Z","updated_at":"2026-01-23T13:48:05.386Z","avatar_url":"https://github.com/getgrav.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Grav CORS Plugin\n\nThe **CORS plugin** for [Grav](http://github.com/getgrav/grav) allows to enable and manage [CORS (Cross-Origin Resource Sharing)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) on your site.\n\nWith CORS, it is possible to let your site become remotely available for Ajax requests.\n\n## Installation\n\nThe CORS plugin is easy to install with GPM.\n\n```bash\n$ bin/gpm install cors\n```\n\n## Config Defaults\n\n```yaml\nenabled: true\nroutes:\n  - '*'\norigins:\nallowHeaders: []\n  - '*'\nmethods:\n  - OPTIONS\n  - GET\n  - HEAD\n  - POST\n  - PUT\n  - DELETE\n  - TRACE\n  - CONNECT\ncredentials: false\n```\n\nIf you need to change any value, then the best process is to copy the [cors.yaml](cors.yaml) file into your users/config/plugins/ folder (create it if it doesn't exist), and then modify there. This will override the default settings.\n\n## Settings\n\n### Routes\n\nOne ore more **relative** URIs, matching any of the  site routes. This can be a full route (`/blog/entry`).\n\nRoutes are always interpreted as regular expressions, which allows for routes like `/blog/*` or even more complex ones such as `^/.*\\.json(\\?\\d{1,})?$` (**/some-url.json?1470810103393**).\n\nTo make the whole site available for CORS, set the Route value to `*` (wildcard).\n\n### Allow Origin\n\nThe origin specifies one or multiple URI that may access the site. You might specify `*` as a wildcard, allowing any origin to access the site.\n\n### Allow Methods\n\nThe method or methods allowed when accessing the site.\n\n### Allow Headers\n\nThe headers allowed when accessing the site.\n\n### Expose Headers\n\nThis setting allows to whitelist headers that browsers are allowed to access. For example:\n\n```\nAccess-Control-Expose-Headers: X-My-Grav-Header, X-Custom-Grav\n```\n\nThis allows the `X-My-Grav-Header` and `X-Custom-Grav` headers to be exposed to the browser.\n\nThe `XMLHttpRequest 2` object has a `getResponseHeader()` method that returns the value of a particular response header. During a CORS request, the `getResponseHeader()` method can only access simple response headers. Simple response headers are defined as follows:\n\n* Cache-Control\n* Content-Language\n* Content-Type\n* Expires\n* Last-Modified\n* Pragma\n\nIf you want clients to be able to access other headers, you have to specify them through this setting.\n\n### Allow Credentials\n\nBy default, cookies are not included in CORS requests. By enabling this setting, cookies will be included in CORS requests. If you don't need cookies, don't enable this option.\n\nThe `Access-Control-Allow-Credentials` header works in conjunction with the `withCredentials` property on the XMLHttpRequest 2 object. Both these properties must be set to true in order for the CORS request to succeed. If `withCredentials` is true, but there is no `Access-Control-Allow-Credentials` header, the request will fail (and vice versa).\n\nIts recommended that you don’t enable this setting unless you are sure you want cookies to be included in CORS requests.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetgrav%2Fgrav-plugin-cors","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgetgrav%2Fgrav-plugin-cors","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgetgrav%2Fgrav-plugin-cors/lists"}