| Package Data | |
|---|---|
| Maintainer Username: | alireza5014 |
| Maintainer Contact: | freek@alireza5014.be (Freek Van der Herten) |
| Package Create Date: | 2021-02-25 |
| Package Last Update: | 2021-08-29 |
| Language: | PHP |
| License: | MIT |
| Last Refreshed: | 2024-04-19 15:14:42 |
| Package Statistics | |
|---|---|
| Total Downloads: | 19 |
| Monthly Downloads: | 0 |
| Daily Downloads: | 0 |
| Total Stars: | 0 |
| Total Watchers: | 2 |
| Total Forks: | 0 |
| Total Open Issues: | 0 |
We have abandoned this package because Laravel 7 introduced native support for CORS. Only use this package if you're on Laravel 6 or below.
This package will add CORS headers to the responses of your Laravel or Lumen app. For more infomation about CORS, see the Mozilla CORS documentation.
This package supports preflight requests and is easily configurable to fit your needs.
You can install the package via Composer:
composer require alireza5014/laravel-cors
The package will automatically register its service provider.
The provided alireza5014\Cors\Cors middleware must be registered in the global middleware group.
// app/Http/Kernel.php
protected $middleware = [
...
\alireza5014\Cors\Cors::class
];
php artisan vendor:publish --provider="alireza5014\Cors\CorsServiceProvider" --tag="config"
This is the default content of the config file published at config/cors.php:
return [
/*
* A cors profile determines which origins, methods, headers are allowed for
* a given requests. The `DefaultProfile` reads its configuration from this
* config file.
*
* You can easily create your own cors profile.
* More info: https://github.com/alireza5014/laravel-cors/#creating-your-own-cors-profile
*/
'cors_profile' => alireza5014\Cors\CorsProfile\DefaultProfile::class,
/*
* This configuration is used by `DefaultProfile`.
*/
'default_profile' => [
'allow_credentials' => false,
'allow_origins' => [
'*',
],
'allow_methods' => [
'POST',
'GET',
'OPTIONS',
'PUT',
'PATCH',
'DELETE',
],
'allow_headers' => [
'Content-Type',
'X-Auth-Token',
'Origin',
'Authorization',
],
'expose_headers' => [
'Cache-Control',
'Content-Language',
'Content-Type',
'Expires',
'Last-Modified',
'Pragma',
],
'forbidden_response' => [
'message' => 'Forbidden (cors).',
'status' => 403,
],
/*
* Preflight request will respond with value for the max age header.
*/
'max_age' => 60 * 60 * 24,
],
];
You can install the package via Composer:
composer require alireza5014/laravel-cors
Copy the config file from the vendor directory:
cp vendor/alireza5014/laravel-cors/config/cors.php config/cors.php
Register the config file, the middleware and the service provider in bootstrap/app.php:
$app->configure('cors');
$app->middleware([
alireza5014\Cors\Cors::class,
]);
$app->register(alireza5014\Cors\CorsServiceProvider::class);
With the middleware installed your API routes should now get appropriate CORS headers. Preflight requests will be handled as well. If a request comes in that is not allowed, Laravel will return a 403 response.
The default configuration of this package allows all requests from any origin (denoted as '*'). You probably want to at least specify some origins relevant to your project. If you want to allow requests to come in from https://alireza5014.be and https://laravel.com add those domains to the config file:
// config/cors.php
...
'default_profile' => [
'allow_origins' => [
'https://alireza5014.be',
'https://laravel.com',
],
...
...
If you, for example, want to allow all subdomains from a specific domain, you can use the wildcard asterisk (*) and specifiy that:
// config/cors.php
...
'default_profile' => [
'allow_origins' => [
'https://alireza5014.be',
'https://laravel.com',
'https://*.alireza5014.be',
'https://*.laravel.com',
],
...
...
Imagine you want to specify allowed origins based on the user that is currently logged in. In that case the DefaultProfile which just reads the config file won't cut it. Fortunately it's very easy to write your own CORS profile, which is simply a class that extends alireza5014\Cors\DefaultProfile.
Here's a quick example where it is assumed that you've already added an allowed_domains column on your user model:
namespace App\Services\Cors;
use alireza5014\Cors\CorsProfile\DefaultProfile;
class UserBasedCorsProfile extends DefaultProfile
{
public function allowOrigins(): array
{
return Auth::user()->allowed_domains;
}
}
You can override the default HTTP status code and message returned when a request is forbidden by editing the forbidden_response array in your configuration file:
'forbidden_response' => [
'message' => 'Your request failed',
'status' => 400,
],
Don't forget to register your profile in the config file.
// config/cors.php
...
'cors_profile' => App\Services\Cors\UserBasedCorsProfile::class,
...
In the example above we've overwritten the allowOrigins method, but of course you may choose to override any of the methods present in DefaultProfile.
composer test
Please see CHANGELOG for more information what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security related issues, please email freek@alireza5014.be instead of using the issue tracker.
You're free to use this package, but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using.
Our address is: alireza5014, Samberstraat 69D, 2060 Antwerp, Belgium.
We publish all received postcards on our company website.
alireza5014 is a webdesign agency based in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.
Does your business depend on our contributions? Reach out and support us on Patreon. All pledges will be dedicated to allocating workforce on maintenance and new awesome stuff.
The MIT License (MIT). Please see License File for more information.