A CakePHP (3.3+) plugin for activate cors domain in your application with Middleware.
- PHP version 5.6 or higher
- CakePhp 3.3 or higher
You can install this plugin into your CakePHP application using composer.
The recommended way to install composer packages is:
composer require ozee31/cakephp-cors
Loading the Plugin
// In config/bootstrap.php
Plugin::load('Cors', ['bootstrap' => true, 'routes' => false]);By default the plugin authorize cors for all origins, all methods and all headers and caches all for one day.
<?php
[
'AllowOrigin' => true, // accept all origin
'AllowCredentials' => true,
'AllowMethods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'], // accept all HTTP methods
'AllowHeaders' => true, // accept all headers
'ExposeHeaders' => false, // don't accept personal headers
'MaxAge' => 86400, // cache for 1 day
'exceptionRenderer' => 'Cors\Error\AppExceptionRenderer', // Use ExeptionRenderer class of plugin
'ErrorController' => 'Cors\Controller\ErrorController', // Use ErrorController class of plugin
]In app.php add :
'Cors' => [
// My Config
]AllowOrigin (Access-Control-Allow-Origin)
A returned resource may have one Access-Control-Allow-Origin header, with the following syntax:
'Cors' => [
// Accept all origins
'AllowOrigin' => true,
// OR
'AllowOrigin' => '*',
// Accept one origin
'AllowOrigin' => 'http://flavienbeninca.fr'
// Accept many origins
'AllowOrigin' => ['http://flavienbeninca.fr', 'http://google.com']
]AllowCredentials (Access-Control-Allow-Credentials)
The Access-Control-Allow-Credentials header Indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Note that simple GET requests are not preflighted, and so if a request is made for a resource with credentials, if this header is not returned with the resource, the response is ignored by the browser and not returned to web content.
'Cors' => [
'AllowCredentials' => true,
// OR
'AllowCredentials' => false,
]AllowMethods (Access-Control-Allow-Methods)
'Cors' => [
// string
'AllowMethods' => 'POST',
// OR array
'AllowMethods' => ['GET', 'POST'],
]AllowHeaders (Access-Control-Allow-Headers)
The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.
'Cors' => [
// accept all headers
'AllowHeaders' => true,
// accept just authorization
'AllowHeaders' => 'authorization',
// accept many headers
'AllowHeaders' => ['authorization', 'other-header'],
]ExposeHeaders (Access-Control-Expose-Headers)
The Access-Control-Expose-Headers header lets a server whitelist headers that browsers are allowed to access. For example:
'Cors' => [
// nothing
'ExposeHeaders' => false,
// string
'ExposeHeaders' => 'X-My-Custom-Header',
// array
'ExposeHeaders' => ['X-My-Custom-Header', 'X-Another-Custom-Header'],
]MaxAge (Access-Control-Max-Age)
The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached. For an example of a preflight request, see the above examples.
'Cors' => [
// no cache
'MaxAge' => false,
// 1 hour
'MaxAge' => 3600,
// 1 day
'MaxAge' => 86400,
]This option overload default exceptionRenderer in app.php.
If you don't want to overload exceptionRenderer, You must write
'Cors' => [
'exceptionRenderer' => false
]But you must read https://github.com/ozee31/cakephp-cors#errorcontroller
By default, the plugin use an ErrorController (Cors\Controller\ErrorController) which extends from App\Controller\ErrorController.
If you do not want this, you can change this option but it is recommended to add this code in your personal ErrorController
public function beforeRender(Event $event) {
// ...
$this->response = $this->response->withHeader('Access-Control-Allow-Origin', '*');
}
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent