develop
/
qwl_config
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
9.4 MiB
Tree: 85f826c35f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '85f826c35f'
${ noResults }
qwl_config/vendor/asm89/stack-cors/README.md

83 lines
3.3 KiB
Raw Normal View History

111
3 years ago
  1. # Stack/Cors
  3. Library and middleware enabling cross-origin resource sharing for your
  4. http-{foundation,kernel} using application. It attempts to implement the
  5. [W3C Recommendation] for cross-origin resource sharing.
  7. [W3C Recommendation]: http://www.w3.org/TR/cors/
  9. Build status: ![.github/workflows/run-tests.yml](https://github.com/asm89/stack-cors/workflows/.github/workflows/run-tests.yml/badge.svg)
  11. ## Installation
  13. Require `asm89/stack-cors` using composer.
  15. ## Usage
  17. This package can be used as a library or as [stack middleware].
  19. [stack middleware]: http://stackphp.com/
  21. ### Options
  23. | Option | Description | Default value |
  24. |------------------------|------------------------------------------------------------|---------------|
  25. | allowedMethods | Matches the request method. | `array()` |
  26. | allowedOrigins | Matches the request origin. | `array()` |
  27. | allowedOriginsPatterns | Matches the request origin with `preg_match`. | `array()` |
  28. | allowedHeaders | Sets the Access-Control-Allow-Headers response header. | `array()` |
  29. | exposedHeaders | Sets the Access-Control-Expose-Headers response header. | `false` |
  30. | maxAge | Sets the Access-Control-Max-Age response header. | `false` |
  31. | supportsCredentials | Sets the Access-Control-Allow-Credentials header. | `false` |
  33. The _allowedMethods_ and _allowedHeaders_ options are case-insensitive.
  35. You don't need to provide both _allowedOrigins_ and _allowedOriginsPatterns_. If one of the strings passed matches, it is considered a valid origin.
  37. If `array('*')` is provided to _allowedMethods_, _allowedOrigins_ or _allowedHeaders_ all methods / origins / headers are allowed.
  39. ### Example: using the library
  41. ```php
  42. <?php
  44. use Asm89\Stack\CorsService;
  46. $cors = new CorsService(array(
  47. 'allowedHeaders' => array('x-allowed-header', 'x-other-allowed-header'),
  48. 'allowedMethods' => array('DELETE', 'GET', 'POST', 'PUT'),
  49. 'allowedOrigins' => array('http://localhost'),
  50. 'allowedOriginsPatterns' => array('/localhost:\d/'),
  51. 'exposedHeaders' => false,
  52. 'maxAge' => false,
  53. 'supportsCredentials' => false,
  54. ));
  56. $cors->addActualRequestHeaders(Response $response, $origin);
  57. $cors->handlePreflightRequest(Request $request);
  58. $cors->isActualRequestAllowed(Request $request);
  59. $cors->isCorsRequest(Request $request);
  60. $cors->isPreflightRequest(Request $request);
  61. ```
  63. ## Example: using the stack middleware
  65. ```php
  66. <?php
  68. use Asm89\Stack\Cors;
  70. $app = new Cors($app, array(
  71. // you can use array('*') to allow any headers
  72. 'allowedHeaders' => array('x-allowed-header', 'x-other-allowed-header'),
  73. // you can use array('*') to allow any methods
  74. 'allowedMethods' => array('DELETE', 'GET', 'POST', 'PUT'),
  75. // you can use array('*') to allow requests from any origin
  76. 'allowedOrigins' => array('localhost'),
  77. // you can enter regexes that are matched to the origin request header
  78. 'allowedOriginsPatterns' => array('/localhost:\d/'),
  79. 'exposedHeaders' => false,
  80. 'maxAge' => false,
  81. 'supportsCredentials' => false,
  82. ));
  83. ```