Documentation

CORS
in package

Cross-Origin-Resource-Sharing allows the application to determine whether a user agent referred from another server can access a resource on this server and which parameters the HTTP request may have.

Tags
author

César de la Cal Bretschneider cesar@magic3w.com

Table of Contents

$headers  : Headers
This object is the request being manipulated by the CORS object in question.
__construct()  : mixed
Initialize the CORS manipulator. Please note that the CORS object only provides functions to write to a header, this object cannot read the data it wrote back from the request.
cache()  : $this
Indicates to the user-agent that the pre-flight response should be cached for a given amount of time. Please note that different user-agents enforce different maximum caches, so your mileage may vary.
credentials()  : mixed
Allows the application to decide whether CORS requests should be allowed to send credentials. The header does not support any configuration, it's either true or not.
expose()  : $this
Instructs the user agent to expose the following headers to the application when sending a CORS request. This is only relevant during OPTIONS requests, otherwise the user-agent will ignore them.
headers()  : CORS
Accepts a list of headers that can be passed by the client to the endpoint being invoked. If the developer passes true, the system will accept any header via a CORS request.
methods()  : CORS
Accepts a list of methods that the user-agent may use to perform a cross origin request. Passing a boolean true will whitelist all methods.
origin()  : CORS
Sets the origin the request can be sent from. This should usually be one of the following values:

Properties

$headers

This object is the request being manipulated by the CORS object in question.

private Headers $headers

This object has only setters, and therefore should provide a consistent method chaining API

Methods

__construct()

Initialize the CORS manipulator. Please note that the CORS object only provides functions to write to a header, this object cannot read the data it wrote back from the request.

public __construct(Headers $headers) : mixed
Parameters
$headers : Headers
Return values
mixed

credentials()

Allows the application to decide whether CORS requests should be allowed to send credentials. The header does not support any configuration, it's either true or not.

public credentials([bool $allow = true ]) : mixed
Parameters
$allow : bool = true
Return values
mixed

expose()

Instructs the user agent to expose the following headers to the application when sending a CORS request. This is only relevant during OPTIONS requests, otherwise the user-agent will ignore them.

public expose(array<string|int, mixed>|bool $headers) : $this
Parameters
$headers : array<string|int, mixed>|bool
Return values
$this

headers()

Accepts a list of headers that can be passed by the client to the endpoint being invoked. If the developer passes true, the system will accept any header via a CORS request.

public headers(array<string|int, string>|true $headers) : CORS
Parameters
$headers : array<string|int, string>|true
Return values
CORS

methods()

Accepts a list of methods that the user-agent may use to perform a cross origin request. Passing a boolean true will whitelist all methods.

public methods(array<string|int, string>|true $methods) : CORS

When passing a boolean true, the server will accept requests for all available HTTP methods.

Parameters
$methods : array<string|int, string>|true
Return values
CORS

origin()

Sets the origin the request can be sent from. This should usually be one of the following values:

public origin(bool|string $origin) : CORS

A: True, for request can be performed from any origin. B: False, indicating that CORS is not supported for this endpoint. C: A string with the origin that accepts this, this will usually be $_SERVER['HTTP_REFERER'] server

Parameters
$origin : bool|string
Return values
CORS

Search results