# Stack/Cors

Library and middleware enabling cross-origin resource sharing for your
http-{foundation,kernel} using application. It attempts to implement the
[W3C Recommendation] for cross-origin resource sharing.

[W3C Recommendation]: http://www.w3.org/TR/cors/

Master [![Build Status](https://secure.travis-ci.org/asm89/stack-cors.png?branch=master)](http://travis-ci.org/asm89/stack-cors)

## Installation

Require `asm89/stack-cors` using composer.

## Usage

This package can be used as a library or as [stack middleware].

[stack middleware]: http://stackphp.com/

### Options

| Option                 | Description                                                | Default value |
|------------------------|------------------------------------------------------------|---------------|
| allowedMethods         | Matches the request method.                                | `array()`     |
| allowedOrigins         | Matches the request origin.                                | `array()`     |
| allowedOriginsPatterns | Matches the request origin with `preg_match`.              | `array()`     |
| allowedHeaders         | Sets the Access-Control-Allow-Headers response header.     | `array()`     |
| exposedHeaders         | Sets the Access-Control-Expose-Headers response header.    | `false`       |
| maxAge                 | Sets the Access-Control-Max-Age response header.           | `false`       |
| supportsCredentials    | Sets the Access-Control-Allow-Credentials header.          | `false`       |

The _allowedMethods_ and _allowedHeaders_ options are case-insensitive.

You don't need to provide both _allowedOrigins_ and _allowedOriginsPatterns_. If one of the strings passed matches, it is considered a valid origin.

If `array('*')` is provided to _allowedMethods_, _allowedOrigins_ or _allowedHeaders_ all methods / origins / headers are allowed.

### Example: using the library

```php
<?php

use Asm89\Stack\CorsService;

$cors = new CorsService(array(
    'allowedHeaders'         => array('x-allowed-header', 'x-other-allowed-header'),
    'allowedMethods'         => array('DELETE', 'GET', 'POST', 'PUT'),
    'allowedOrigins'         => array('localhost'),
    'allowedOriginsPatterns' => array('/localhost:\d/'),
    'exposedHeaders'         => false,
    'maxAge'                 => false,
    'supportsCredentials'    => false,
));

// Available methods. $request is an http-foundation Request,
// $response an http-foundation Response.
$cors->addActualRequestHeaders($response, $origin);
$cors->handlePreflightRequest($request);
$cors->isActualRequestAllowed($request);
$cors->isCorsRequest($request);
$cors->isPreflightRequest($request);
```

### Example: using the stack middleware

```php
<?php

use Asm89\Stack\Cors;

// $app is the http-kernel application being wrapped
$app = new Cors($app, array(
    // you can use array('*') to allow any headers
    'allowedHeaders'         => array('x-allowed-header', 'x-other-allowed-header'),
    // you can use array('*') to allow any methods
    'allowedMethods'         => array('DELETE', 'GET', 'POST', 'PUT'),
    // you can use array('*') to allow requests from any origin
    'allowedOrigins'         => array('localhost'),
    // you can enter regexes that are matched to the origin request header
    'allowedOriginsPatterns' => array('/localhost:\d/'),
    'exposedHeaders'         => false,
    'maxAge'                 => false,
    'supportsCredentials'    => false,
));
```
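
### Example: checking an origin pattern before deploying it

Entries in _allowedOriginsPatterns_ are matched with `preg_match`, so an unanchored pattern such as `/localhost:\d/` matches anywhere inside the Origin value, not only a whole `localhost` origin. The script below is an added example, not part of stack-cors: `originMatchesAny()` is a hypothetical helper that mimics the documented matching, and the anchored pattern and the sample Origin values are assumptions constructed for illustration.

```php
<?php

// Added example, not stack-cors code: reproduces the documented rule
// ("matches the request origin with preg_match"; one matching pattern is
// enough) so candidate patterns can be checked offline.
function originMatchesAny(array $patterns, string $origin): bool
{
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $origin) === 1) {
            return true;
        }
    }
    return false;
}

// Pattern from the README examples: no anchors, so any Origin value that
// merely contains "localhost:<digit>" is accepted.
$unanchored = array('/localhost:\d/');

// Assumed stricter alternative: scheme, host and port are pinned between
// \A (start of string) and \z (end of string).
$anchored = array('#\Ahttps?://localhost:\d{1,5}\z#');

// Constructed Origin header values (not taken from real traffic).
$origins = array(
    'http://localhost:8080',                  // intended local origin
    'http://localhost:8080.attacker.example', // different host, same prefix
    'http://notlocalhost:3000',               // different host, same suffix
    'http://localhost',                       // no port, matches neither
);

foreach ($origins as $origin) {
    printf(
        "%-42s unanchored=%-5s anchored=%s\n",
        $origin,
        var_export(originMatchesAny($unanchored, $origin), true),
        var_export(originMatchesAny($anchored, $origin), true)
    );
}
```

The unanchored pattern accepts the first three values while the anchored one accepts only the first, which matters most when _supportsCredentials_ is `true`, because an accepted origin can then make credentialed cross-origin requests.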