CORS Middleware for Hyperf
Implements fruitcake/laravel-cors for Hyperf.
Features
- Handles CORS pre-flight OPTIONS requests
- Adds CORS headers to your responses
- Match routes to only add CORS to certain Requests
Installation
Require the gokure/hypref-cors package in your composer.json and update your dependencies:
composer require gokure/hypref-cors
Global usage
To allow CORS for all your routes, add the CorsMiddleware middleware at the top of the property of config/autoload/middlewares.php file and set the paths property in the config (see Configuration below):
'http' => [
\Gokure\HyperfCors\CorsMiddleware::class,
...
],
Also, to allow CORS for exception responses, you need add the CorsExceptionHandler handler at the top of the property of config/autoload/exceptions.php file:
'handler' => [
'http' => [
Gokure\HyperfCors\CorsExceptionHandler::class,
...
],
],
Note: Since the version
1.1.0,CorsExceptionHandlerhas been deprecated, and it will be removed since 2.0, you can move it out safely fromexceptions.phpfile.
Configuration
The defaults are set in config/autoload/cors.php. Publish the config to copy the file to your own config:
php bin/hyperf.php vendor:publish gokure/hypref-cors
Note: When using custom headers, like
X-Auth-TokenorX-Requested-With, you must set theallowed_headersto include those headers. You can also set it to['*']to allow all custom headers.
Note: If you are explicitly whitelisting headers, you must include
Originor requests will fail to be recognized as CORS.
Options
| Option | Description | Default value |
|---|---|---|
| paths | You can enable CORS for 1 or multiple paths, eg. ['api/*'] |
[] |
| allowed_origins | Matches the request origin. Wildcards can be used, eg. *.mydomain.com or mydomain.com:* |
['*'] |
| allowed_origins_patterns | Matches the request origin with preg_match. |
[] |
| allowed_methods | Matches the request method. | ['*'] |
| allowed_headers | Sets the Access-Control-Allow-Headers response header. | ['*'] |
| exposed_headers | Sets the Access-Control-Expose-Headers response header. | false |
| max_age | Sets the Access-Control-Max-Age response header. | 0 |
| supports_credentials | Sets the Access-Control-Allow-Credentials header. | false |
allowed_origins, allowed_headers and allowed_methods can be set to ['*'] to accept any value.
Note: For
allowed_originsyou must include the scheme when not using a wildcard, eg.['http://example.com', 'https://example.com']. You must also take into account that the scheme will be present when usingallowed_origins_patterns.
License
Released under the MIT License, see LICENSE.
269 Nov 9, 2022
6.2k Jan 8, 2023
48 Feb 1, 2020
46 Jul 27, 2022
15 Nov 17, 2022
273 Jan 4, 2023
101 Nov 21, 2022
47 Dec 22, 2022
18 Jun 1, 2022
8 May 11, 2022
994 Jan 7, 2023
86 Jan 5, 2023
859 Oct 25, 2022
62 Dec 8, 2022
44 Dec 8, 2022
1 Oct 15, 2021
46 Jul 27, 2022
101 Nov 21, 2022
51 Nov 21, 2022
570 Dec 16, 2022
1.5k Jan 3, 2023
752 Jan 3, 2023
681 Jan 3, 2023
416 Dec 17, 2022
145 Nov 20, 2022