App\Middleware\Cors

CORS Middleware (Cross-Origin Resource Sharing)

This class is included with the starter site and provides a template with common options for CORS Services. Use this class with route filter callback functions so that the OPTIONS request can be handled.

This class is designed to be easy to use without making changes and also easy to modify if you need to handle custom CORS options for your site.

Source Code

GitHub

رمز المثال

Starter Site Middleware


// The FastSitePHP Starter Site includes several examples pages and provides
// a basic directory/file structure. The site is designed to provide structure
// for basic content (JavaScript, CSS, etc) while remaining small in size so
// that it is easy to remove files you don’t need and customize it for your site.
//
//     https://github.com/fastsitephp/starter-site
//
// Core Middleware classes are provided and can be modified for your site.
//
// To use them specify the 'Class.method' on route filter functions or
// when mounting additional files.

// Require a user to be logged in in order to use a page
$app->get('/secure-page', 'SecureController')->filter('Auth.hasAccess');

// Require an authenticated user and use CORS
$app
    ->get('/api/:record_type', 'ApiController.getData')
    ->filter('Cors.acceptAuth')
    ->filter('Auth.hasAccess');

// Only run a route from localhost
$app->get('/server-info', function() {
    phpinfo();
})
->filter('Env.isLocalhost');

// Only load a file if running from localhost
$app->mount('/sysinfo/', 'routes-sysinfo.php', 'Env.isLocalhost');

Methods

acceptAuth(Application $app)

Allow all sites to submit [Authorization] and [Content-Type] headers. This function can be used for JSON or GraphQL Services were the API or Web Service is on a different host or domain from the main site.

This function adds the following headers:
    Access-Control-Allow-Origin: {Client-Origin}
    Access-Control-Allow-Headers: Authorization, Content-Type
    Access-Control-Allow-Credentials: true

If the client does not submit an origin then the following is used:
    Access-Control-Allow-Origin: *