| name file |
size |
edit |
permission |
action |
| .editorconfig | 258 KB | August 13 2024 21:03:02 | 0770 |
|
| .env | 1340 KB | November 09 2024 13:13:00 | 0770 |
|
| .env.example | 1213 KB | August 13 2024 21:03:02 | 0770 |
|
| .gitattributes | 186 KB | August 13 2024 21:03:02 | 0770 |
|
| .htaccess | 466 KB | August 13 2024 21:03:02 | 0770 |
|
| .well-known | - | July 10 2025 23:46:46 | 0750 |
|
| 11.php | 70548 KB | July 01 2025 20:07:37 | 0644 |
|
| Modules | - | November 04 2024 11:42:06 | 0755 |
|
| README.md | 80 KB | August 13 2024 21:03:02 | 0770 |
|
| admin-link.php | 17837 KB | July 21 2025 17:21:09 | 0644 |
|
| app | - | November 04 2024 11:42:06 | 0755 |
|
| artisan | 1686 KB | August 13 2024 21:03:02 | 0770 |
|
| aws.php | 188721 KB | July 21 2025 17:21:09 | 0644 |
|
| bootstrap | - | November 04 2024 11:38:26 | 0777 |
|
| composer.json | 2932 KB | September 19 2024 12:33:02 | 0770 |
|
| composer.lock | 415525 KB | September 19 2024 12:33:02 | 0770 |
|
| config | - | July 02 2025 03:17:17 | 0777 |
|
| database | - | November 04 2024 11:42:06 | 0777 |
|
| index.php | 13824 KB | July 02 2025 01:57:55 | 0770 |
|
| ktq.txt | 1 KB | July 02 2025 01:58:01 | 0644 |
|
| lang | - | November 04 2024 11:38:26 | 0777 |
|
| main.php | 302 KB | July 05 2025 04:22:24 | 0644 |
|
| modules_statuses.json | 775 KB | August 26 2024 12:34:26 | 0770 |
|
| package-lock.json | 72682 KB | November 09 2024 12:47:51 | 0770 |
|
| package.json | 481 KB | August 13 2024 21:03:02 | 0770 |
|
| phpunit.xml | 1084 KB | August 13 2024 21:03:02 | 0770 |
|
| postcss.config.js | 93 KB | August 13 2024 21:03:02 | 0770 |
|
| public | - | July 12 2025 06:01:05 | 0777 |
|
| resources | - | November 04 2024 11:42:07 | 0755 |
|
| robots.txt | 986 KB | July 23 2025 17:58:50 | 0644 |
|
| routes | - | November 04 2024 11:38:26 | 0777 |
|
| server.php | 541 KB | August 13 2024 21:03:04 | 0770 |
|
| ss.php | 17569 KB | July 02 2025 03:06:06 | 0644 |
|
| storage | - | November 04 2024 11:42:08 | 0755 |
|
| tailwind.config.js | 541 KB | August 13 2024 21:03:04 | 0770 |
|
| tests | - | November 04 2024 11:42:08 | 0777 |
|
| tmp.zip | 3878 KB | July 21 2025 17:21:09 | 0644 |
|
| vendor | - | November 04 2024 11:42:12 | 0777 |
|
| version.json | 26 KB | October 15 2024 18:29:32 | 0770 |
|
| vite-module-loader.js | 1397 KB | August 13 2024 21:03:06 | 0770 |
|
| vite.config.js | 310 KB | August 13 2024 21:03:06 | 0770 |
|
# CORS for PHP (using the Symfony HttpFoundation)
[](https://github.com/fruitcake/php-cors/actions)
[](https://github.com/fruitcake/php-cors/actions)
[](https://github.com/fruitcake/php-cors/actions/workflows/run-coverage.yml)
[](http://choosealicense.com/licenses/mit/)
[](https://packagist.org/packages/fruitcake/php-cors)
[](https://packagist.org/packages/fruitcake/php-cors)
[](https://fruitcake.nl/)
Library and middleware enabling cross-origin resource sharing for your
http-{foundation,kernel} using application. It attempts to implement the
[W3C Recommendation] for cross-origin resource sharing.
[W3C Recommendation]: http://www.w3.org/TR/cors/
> Note: This is a standalone fork of https://github.com/asm89/stack-cors and is compatible with the options for CorsService.
## Installation
Require `fruitcake/php-cors` using composer.
## Usage
This package can be used as a library. You can use it in your framework using:
- [Stack middleware](http://stackphp.com/): https://github.com/asm89/stack-cors
- [Laravel](https://laravel.com): https://github.com/fruitcake/laravel-cors
### Options
| Option | Description | Default value |
|------------------------|------------------------------------------------------------|---------------|
| allowedMethods | Matches the request method. | `[]` |
| allowedOrigins | Matches the request origin. | `[]` |
| allowedOriginsPatterns | Matches the request origin with `preg_match`. | `[]` |
| allowedHeaders | Sets the Access-Control-Allow-Headers response header. | `[]` |
| exposedHeaders | Sets the Access-Control-Expose-Headers response header. | `[]` |
| maxAge | Sets the Access-Control-Max-Age response header. | `0` |
| supportsCredentials | Sets the Access-Control-Allow-Credentials header. | `false` |
The _allowedMethods_ and _allowedHeaders_ options are case-insensitive.
You don't need to provide both _allowedOrigins_ and _allowedOriginsPatterns_. If one of the strings passed matches, it is considered a valid origin. A wildcard in allowedOrigins will be converted to a pattern.
If `['*']` is provided to _allowedMethods_, _allowedOrigins_ or _allowedHeaders_ all methods / origins / headers are allowed.
> Note: Allowing a single static origin will improve cacheability.
### Example: using the library
```php
['x-allowed-header', 'x-other-allowed-header'],
'allowedMethods' => ['DELETE', 'GET', 'POST', 'PUT'],
'allowedOrigins' => ['http://localhost', 'https://*.example.com'],
'allowedOriginsPatterns' => ['/localhost:\d/'],
'exposedHeaders' => ['Content-Encoding'],
'maxAge' => 0,
'supportsCredentials' => false,
]);
$cors->addActualRequestHeaders(Response $response, $origin);
$cors->handlePreflightRequest(Request $request);
$cors->isActualRequestAllowed(Request $request);
$cors->isCorsRequest(Request $request);
$cors->isPreflightRequest(Request $request);
```
## License
Released under the MIT License, see [LICENSE](LICENSE).
> This package is split-off from https://github.com/asm89/stack-cors and developed as stand-alone library since 2022