agungsugiarto/codeigniter4-cors
最新稳定版本:v3.0.0
Composer 安装命令:
composer require agungsugiarto/codeigniter4-cors
包简介
Send CORS Headers in a CodeIgniter 4 application.
README 文档
README
Inspired from https://github.com/asm89/stack-cors for CodeIgniter 4
About
The codeigniter4-cors package allows you to send Cross-Origin Resource Sharing
headers with Codeigniter4 filter configuration.
Features
- Handles CORS pre-flight OPTIONS requests
- Adds CORS headers to your responses
- Match routes to only add CORS to certain Requests
Upgrade from 2.x to v3.x
Upgrade from version 2.x to 3.x. Open your composer.json find agungsugiarto/codeigniter4-cors and change value to ^3.0
Installation
Require the agungsugiarto/codeigniter4-cors package in your composer.json and update your dependencies:
composer require agungsugiarto/codeigniter4-cors
Global usage
To allow CORS for all your routes, first register CorsFilter.php filter at the top of the $aliases property of App/Config/Filter.php class:
public $aliases = [ 'cors' => \Fluent\Cors\Filters\CorsFilter::class, // ... ];
Global restrictions
Restrict routes based on their URI pattern by editing app/Config/Filters.php and adding them to the
$filters array, e.g.:
public $filters = [ // ... 'cors' => [ 'before' => ['api/*'], 'after' => ['api/*'] ], ];
Restricting a single route
Any single route can be restricted by adding the filter option to the last parameter in any of the route definition methods:
$routes->get('api/users', 'UserController::index', ['filter' => 'cors']);
Restricting Route Groups
In the same way, entire groups of routes can be restricted within the group() method:
$routes->group('api/v1', ['filter' => 'cors'], function ($routes) { // ... });
Configuration
The defaults are set in config/cors.php. Publish the config to copy the file to your own config:
php spark cors:publish
Note: When using custom headers, like
X-Auth-TokenorX-Requested-With, you must set theallowedHeadersto include those headers. You can also set it to['*']to allow all custom headers.
Note: If you are explicitly whitelisting headers, you must include
Originor requests will fail to be recognized as CORS.
Options
| Option | Description | Default value |
|---|---|---|
| allowedOrigins | Matches the request origin. Wildcards can be used, eg. *.mydomain.com |
['*'] |
| allowedOriginsPatterns | Matches the request origin with preg_match. | [] |
| allowedMethods | Matches the request method. | ['*'] |
| allowedHeaders | Sets the Access-Control-Allow-Headers response header. | ['*'] |
| exposedHeaders | Sets the Access-Control-Expose-Headers response header. | false |
| maxAge | Sets the Access-Control-Max-Age response header. | 0 |
| supportsCredentials | Sets the Access-Control-Allow-Credentials header. | false |
allowedOrigins, allowedHeaders and allowedMethods can be set to ['*'] to accept any value.
Note: For
allowedOriginsyou must include the scheme when not using a wildcard, eg.['http://example.com', 'https://example.com']. You must also take into account that the scheme will be present when using allowed_origins_patterns.
Note: Try to be a specific as possible. You can start developing with loose constraints, but it's better to be as strict as possible!
License
Released under the MIT License, see LICENSE.
统计信息
- 总下载量: 23.53k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 65
- 点击次数: 1
- 依赖项目数: 2
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2020-08-02