Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/asm89/stack-cors
Cross-origin resource sharing library and stack middleware.
https://github.com/asm89/stack-cors
Last synced: about 1 month ago
JSON representation
Cross-origin resource sharing library and stack middleware.
- Host: GitHub
- URL: https://github.com/asm89/stack-cors
- Owner: asm89
- License: mit
- Created: 2013-08-13T21:12:17.000Z (over 11 years ago)
- Default Branch: master
- Last Pushed: 2023-11-29T10:22:37.000Z (12 months ago)
- Last Synced: 2024-05-18T10:45:31.802Z (6 months ago)
- Language: PHP
- Size: 97.7 KB
- Stars: 1,273
- Watchers: 8
- Forks: 56
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# Stack/Cors
Library and middleware enabling cross-origin resource sharing for your
http-{foundation,kernel} using application. It attempts to implement the
[W3C Recommendation] for cross-origin resource sharing.
[W3C Recommendation]: http://www.w3.org/TR/cors/
Build status: 
## Installation
Require `asm89/stack-cors` using composer.
## Usage
This package can be used as a library or as [stack middleware].
[stack middleware]: http://stackphp.com/
### Options
| Option | Description | Default value |
|------------------------|------------------------------------------------------------|---------------|
| `allowedMethods` | Matches the request method. | `[]` |
| `allowedOrigins` | Matches the request origin. | `[]` |
| `allowedOriginsPatterns` | Matches the request origin with `preg_match`. | `[]` |
| `allowedHeaders` | Sets the Access-Control-Allow-Headers response header. | `[]` |
| `exposedHeaders` | Sets the Access-Control-Expose-Headers response header. | `false` |
| `maxAge` | Sets the Access-Control-Max-Age response header.
Set to `null` to omit the header/use browser default. | `0` |
| `supportsCredentials` | Sets the Access-Control-Allow-Credentials header. | `false` |
The _allowedMethods_ and _allowedHeaders_ options are case-insensitive.
You don't need to provide both _allowedOrigins_ and _allowedOriginsPatterns_. If one of the strings passed matches, it is considered a valid origin.
If `['*']` is provided to _allowedMethods_, _allowedOrigins_ or _allowedHeaders_ all methods / origins / headers are allowed.
If _supportsCredentials_ is `true`, you must [explicitly set](https://fetch.spec.whatwg.org/#cors-protocol-and-credentials) `allowedHeaders` for any headers which are not CORS safelisted.
### Example: using the library
```php
['x-allowed-header', 'x-other-allowed-header'],
'allowedMethods' => ['DELETE', 'GET', 'POST', 'PUT'],
'allowedOrigins' => ['http://localhost'],
'allowedOriginsPatterns' => ['/localhost:\d/'],
'exposedHeaders' => false,
'maxAge' => 600,
'supportsCredentials' => true,
]);
$cors->addActualRequestHeaders(Response $response, $origin);
$cors->handlePreflightRequest(Request $request);
$cors->isActualRequestAllowed(Request $request);
$cors->isCorsRequest(Request $request);
$cors->isPreflightRequest(Request $request);
```
## Example: using the stack middleware
```php
['x-allowed-header', 'x-other-allowed-header'],
// you can use ['*'] to allow any methods
'allowedMethods' => ['DELETE', 'GET', 'POST', 'PUT'],
// you can use ['*'] to allow requests from any origin
'allowedOrigins' => ['localhost'],
// you can enter regexes that are matched to the origin request header
'allowedOriginsPatterns' => ['/localhost:\d/'],
'exposedHeaders' => false,
'maxAge' => 600,
'supportsCredentials' => false,
]);
```