3 Library and middleware enabling cross-origin resource sharing for your
4 http-{foundation,kernel} using application. It attempts to implement the
5 [W3C Recommendation] for cross-origin resource sharing.
7 [W3C Recommendation]: http://www.w3.org/TR/cors/
9 Master [![Build Status](https://secure.travis-ci.org/asm89/stack-cors.png?branch=master)](http://travis-ci.org/asm89/stack-cors)
13 Require `asm89/stack-cors` using composer.
17 This package can be used as a library or as [stack middleware].
19 [stack middleware]: http://stackphp.com/
23 | Option | Description | Default value |
24 |------------------------|------------------------------------------------------------|---------------|
25 | allowedMethods | Matches the request method. | `array()` |
26 | allowedOrigins | Matches the request origin. | `array()` |
27 | allowedOriginsPatterns | Matches the request origin with `preg_match`. | `array()` |
28 | allowedHeaders | Sets the Access-Control-Allow-Headers response header. | `array()` |
29 | exposedHeaders | Sets the Access-Control-Expose-Headers response header. | `false` |
30 | maxAge | Sets the Access-Control-Max-Age response header. | `false` |
31 | supportsCredentials | Sets the Access-Control-Allow-Credentials header. | `false` |
33 The _allowedMethods_ and _allowedHeaders_ options are case-insensitive.
35 You don't need to provide both _allowedOrigins_ and _allowedOriginsPatterns_. If one of the strings passed matches, it is considered a valid origin.
37 If `array('*')` is provided to _allowedMethods_, _allowedOrigins_ or _allowedHeaders_ all methods / origins / headers are allowed.
39 ### Example: using the library
44 use Asm89\Stack\CorsService;
46 $cors = new CorsService(array(
47 'allowedHeaders' => array('x-allowed-header', 'x-other-allowed-header'),
48 'allowedMethods' => array('DELETE', 'GET', 'POST', 'PUT'),
49 'allowedOrigins' => array('localhost'),
50 'allowedOriginsPatterns' => array('/localhost:\d/'),
51 'exposedHeaders' => false,
53 'supportsCredentials' => false,
56 $cors->addActualRequestHeaders(Response $response, $origin);
57 $cors->handlePreflightRequest(Request $request);
58 $cors->isActualRequestAllowed(Request $request);
59 $cors->isCorsRequest(Request $request);
60 $cors->isPreflightRequest(Request $request);
63 ## Example: using the stack middleware
70 $app = new Cors($app, array(
71 // you can use array('*') to allow any headers
72 'allowedHeaders' => array('x-allowed-header', 'x-other-allowed-header'),
73 // you can use array('*') to allow any methods
74 'allowedMethods' => array('DELETE', 'GET', 'POST', 'PUT'),
75 // you can use array('*') to allow requests from any origin
76 'allowedOrigins' => array('localhost'),
77 // you can enter regexes that are matched to the origin request header
78 'allowedOriginsPatterns' => array('/localhost:\d/'),
79 'exposedHeaders' => false,
81 'supportsCredentials' => false,