CORS (Cross-Origin Resource Sharing) for your Symfony/Laravel requests

Related tags

API php cors laravel symfony
Overview

CORS for PHP (using the Symfony HttpFoundation)

Unit Tests PHPStan Level 9 Code Coverage Packagist License Latest Stable Version Total Downloads Fruitcake

Library and middleware enabling cross-origin resource sharing for your http-{foundation,kernel} using application. It attempts to implement the W3C Recommendation for cross-origin resource sharing.

Note: This is a standalone fork of https://github.com/asm89/stack-cors and is compatible with the options for CorsService.

Installation

Require fruitcake/php-cors using composer.

Usage

This package can be used as a library. You can use it in your framework using:

Options

Option Description Default value
allowedMethods Matches the request method. []
allowedOrigins Matches the request origin. []
allowedOriginsPatterns Matches the request origin with preg_match. []
allowedHeaders Sets the Access-Control-Allow-Headers response header. []
exposedHeaders Sets the Access-Control-Expose-Headers response header. []
maxAge Sets the Access-Control-Max-Age response header. 0
supportsCredentials Sets the Access-Control-Allow-Credentials header. false

The allowedMethods and allowedHeaders options are case-insensitive.

You don't need to provide both allowedOrigins and allowedOriginsPatterns. If one of the strings passed matches, it is considered a valid origin. A wildcard in allowedOrigins will be converted to a pattern.

If ['*'] is provided to allowedMethods, allowedOrigins or allowedHeaders all methods / origins / headers are allowed.

Note: Allowing a single static origin will improve cacheability.

Example: using the library

<?php

use Fruitcake\Cors\CorsService;

$cors = new CorsService([
    'allowedHeaders'         => ['x-allowed-header', 'x-other-allowed-header'],
    'allowedMethods'         => ['DELETE', 'GET', 'POST', 'PUT'],
    'allowedOrigins'         => ['http://localhost', 'https://*.example.com'],
    'allowedOriginsPatterns' => ['/localhost:\d/'],
    'exposedHeaders'         => ['Content-Encoding'],
    'maxAge'                 => 0,
    'supportsCredentials'    => false,
]);

$cors->addActualRequestHeaders(Response $response, $origin);
$cors->handlePreflightRequest(Request $request);
$cors->isActualRequestAllowed(Request $request);
$cors->isCorsRequest(Request $request);
$cors->isPreflightRequest(Request $request);

License

Released under the MIT License, see LICENSE.

This package is split-off from https://github.com/asm89/stack-cors and developed as stand-alone library since 2022

You might also like...
Phalcon PHP REST API Package, still in beta, please submit issues or pull requests

PhREST API A Phalcon REST API package, based on Apigees guidelines as found in http://apigee.com/about/content/web-api-design Please see the skeleton

PhREST 29 Dec 27, 2022
Facebook Query Builder: A query builder for nested requests in the Facebook Graph API

A query builder that makes it easy to create complex & efficient nested requests to Facebook's Graph API to get lots of specific data back with one request.

Sammy Kaye Powers 92 Dec 18, 2022
This bundle provides tools to build a complete GraphQL server in your Symfony App.

OverblogGraphQLBundle This Symfony bundle provides integration of GraphQL using webonyx/graphql-php and GraphQL Relay. It also supports: batching with

Webedia - Overblog 720 Dec 25, 2022
Integration with your Symfony app & Vite

ViteBundle : Symfony integration with Vite This bundle helping you render all of the dynamic script and link tags needed. Essentially, he provide two

Hugues Tavernier 84 Dec 21, 2022
Pure PHP implementation of GraphQL Server – Symfony Bundle

Symfony GraphQl Bundle This is a bundle based on the pure PHP GraphQL Server implementation This bundle provides you with: Full compatibility with the

null 283 Dec 15, 2022
DataTables bundle for Symfony

Symfony DataTables Bundle This bundle provides convenient integration of the popular DataTables jQuery library for realtime Ajax tables in your Symfon

Omines Internetbureau 199 Jan 3, 2023
GraphQL Bundle for Symfony 2.

Symfony 2 GraphQl Bundle Use Facebook GraphQL with Symfony 2. This library port laravel-graphql. It is based on the PHP implementation here. Installat

Sergey Varibrus 35 Nov 17, 2022
Provides a Middleware to integration Tideways into Symfony Messenger Processing

Tideways Middleware for Symfony Messenger This package is currently under development and might be moved into the Tideways PHP Extension or stay indep

Tideways 6 Jul 5, 2022
An Unleash bundle for Symfony applications to provide an easy way to use feature flags

Unleash Bundle An Unleash bundle for Symfony applications. This provide an easy way to implement feature flags using Gitlab Feature Flags Feature. Ins

Stogon 7 Oct 20, 2022
Comments
  • Use PSR-7 to accommodate more frameworks

    Use PSR-7 to accommodate more frameworks

    Use PSR-7 message interfaces instead of Symfony HTTP foundation classes and PSR-17 HTTP message factories to create responses.

    I created this branch for myself and wanted to propose this change so more implementations of HTTP messages can use this library to implement CORS.

    opened by ricardoboss 0
  • PHP 8.1.3 can't install composer

    PHP 8.1.3 can't install composer

    Hi. I have PHP version 8.1.3. We have an error for updating Laravel to version 9

    Root composer.json requires fruitcake/laravel-cors ^1.2.0, found fruitcake/laravel-cors
[dev-feat-lazyoptions, dev-feat-groupmiddleware, dev-test-single, dev-feat-middlewaretest, 
dev-feat-actions, dev-feat-browsertests, dev-master, dev-v1-backport, dev-feat-prependmiddleware, 
dev-develop, dev-barryvdh-test-laravel9, 
v0.1, ..., 0.11.x-dev, v1.0.0, ..., 1.0.x-dev, v2.0.0-beta1, ..., 2.2.x-dev, v3.0.0, 3.0.x-dev 
(alias of dev-master)] 
but it does not match the constraint.
    opened by MostafaNorzade 0
  • feat: handle private network requests

    feat: handle private network requests

    This PR adds support for the additional CORS-headers introduced in the Private Network Access draft. Chrome experimenting with it, see: https://chromestatus.com/feature/5436853517811712.

    opened by joostdebruijn 1
  • PHP 8.1 Passing null to parameter #1 ($haystack) of type string is deprecated

    PHP 8.1 Passing null to parameter #1 ($haystack) of type string is deprecated

    Hi we just upgraded to Laravel 9 and PHP 8.1 and noticed the following message in the logs: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated in vendor/fruitcake/php-cors/src/CorsService.php on line 108

    opened by gigerIT 0
Releases(v1.2.0)
Owner
Fruitcake
Fruitcake
GitHub
A Symfony bundle that provides #StandWithUkraine banner and has some built-in features to block access to your resource for Russian-speaking users.

StandWithUkraineBundle На русском? Смотри README.ru.md This bundle provides a built-in StandWithUkraine banner for your Symfony application and has so

Victor Bocharsky 10 Nov 12, 2022
Online Book Store is a E-commerce Website and Book Conversion(pdf to audio and Img to txt) and Book Sharing platform.

Online-Book-Store Online Book Store is a E-commerce Website and Book Conversion(pdf to audio and Img to txt) and Book Sharing platform. The main descr

Gokul krishnan 1 May 22, 2022
A simple PHP project to make API requests on your cPanel installation

A simple PHP project to make API requests on your cPanel installation. This allows you to call modules inside the installation and interact with them to add, show or list data such as domains, e-mail accounts, databases and so on.

Elias Häußler 0 Sep 15, 2022
Quickly and easily expose Doctrine entities as REST resource endpoints with the use of simple configuration with annotations, yaml, json or a PHP array.

Drest Dress up doctrine entities and expose them as REST resources This library allows you to quickly annotate your doctrine entities into restful res

Lee Davis 88 Nov 5, 2022
Qiniu Resource (Cloud) Storage SDK for PHP

Qiniu Cloud SDK for PHP 安装 推荐使用 composer 进行安装。可以使用 composer.json 声明依赖,或者运行下面的命令。SDK 包已经放到这里 qiniu/php-sdk 。 $ composer require qiniu/php-sdk 直接下载安装,SD

Qiniu Cloud 804 Dec 19, 2022
OpenAPI(v3) Validators for Symfony http-foundation, using `league/openapi-psr7-validator` and `symfony/psr-http-message-bridge`.

openapi-http-foundation-validator OpenAPI(v3) Validators for Symfony http-foundation, using league/openapi-psr7-validator and symfony/psr-http-message

n1215 2 Nov 19, 2021
Fork of Symfony Rate Limiter Component for Symfony 4

Rate Limiter Component Fork (Compatible with Symfony <=4.4) The Rate Limiter component provides a Token Bucket implementation to rate limit input and

AvaiBook by idealista 4 Apr 19, 2022
Enter-to-the-Matrix-with-Symfony-Console - Reproduction of the "Matrix characterfall" effect with the Symfony Console component.

Enter to the Matrix (with Symfony Console) Reproduction of the "Matrix characterfall" effect with the Symfony Console component. Run Clone the project

Yoan Bernabeu 23 Aug 28, 2022
Airbrake.io & Errbit integration for Symfony 3/4/5. This bundle plugs the Airbrake API client into Symfony project

AmiAirbrakeBundle Airbrake.io & Errbit integration for Symfony 3/4/5. This bundle plugs the Airbrake API client into Symfony project. Prerequisites Th

Anton Minin 8 May 6, 2022
Transporter is a futuristic way to send API requests in PHP

Transporter Transporter is a futuristic way to send API requests in PHP. This is an OOP approach to handle API requests.

Steve McDougall 369 Dec 22, 2022