README

Cross Origin Resource Sharing for TYPO3

Installation

This extension is installable from various sources:

1. Via Composer:

    composer require pagemachine/cors
   

2. From the TYPO3 Extension Repository

3. From Github

Configuration

All configuration options can be set via TypoScript setup in config.cors or per page object in page.config.cors. The following options are available:

Note that all options support stdWrap processing through their .stdWrap property.

Examples

• Origin wildcarding:

    config.cors {
      allowOrigin = *
    }
  

• Simple list of origins:

    config.cors {
      allowOrigin = http://example.org, http://example.com
      // More readable version
      allowOrigin (
        http://example.org,
        http://example.com
      )
    }
  

• Matching origins via regular expressions:

    config.cors {
      allowOrigin.pattern = https?://example\.(org|com)
    }
  

• Allow specific methods:

    config.cors {
      allowMethods = GET, POST, PUT, DELETE
    }
  

• Allow headers:

    config.cors {
      allowHeaders = (
        Content-Type,
        ...
      )
    }
  

• Allow credential flag processing:

    config.cors {
      // Set to 1/true to enable
      allowCredentials = 1
    }
  

• Expose headers:

   config.cors {
     exposeHeaders (
       X-My-Custom-Header,
       X-Another-Custom-Header
     )
   }
  

• Set maximum age of preflight request result:

    config.cors {
      // 10 minutes
      maxAge = 600
    }
  

• Set maximum age via some stdWrap processing:

    config.cors {
      maxAge.stdWrap.cObject = TEXT
      maxAge.stdWrap.cObject {
        value = 600
      }
    }
  

Issues

Found a bug? Need a feature? Let us know through our issue tracker.

Testing

All tests can be executed with the shipped Docker Compose definition:

docker-compose run --rm app composer build