CORS
The CORS (Cross-Origin Resource Sharing) middleware in Lithe configures CORS headers to allow or restrict access to resources from different origins.
Using the CORS Middleware
The CORS middleware in Lithe is responsible for configuring Cross-Origin Resource Sharing headers, allowing or restricting access to your application's resources from different origins. To configure it in your application, add it using the use()
method:
use Lithe\Middleware\Configuration\cors;
$app->use(cors());
Configuring the CORS Middleware
The CORS middleware can be configured with the following parameters:
- origins: Allowed origin(s) for accessing your resources. It can be a string or an array of strings. The default is
'*'
(any origin). - methods: Allowed HTTP methods. The default is
'GET, POST, OPTIONS'
. - headers: Allowed headers. It can be a string or an array of strings. The default is
'Origin, X-Requested-With, Content-Type, Accept'
. - credentials: Indicates if credentials (such as cookies or authorization headers) are allowed. The default is
true
. - maxAge: Time in seconds for caching the results of a preflight request. The default is
null
.
Example configuration:
$app->use(cors([
'origins' => ['https://example.com', 'https://another.com'],
'methods' => 'GET, POST, PUT, DELETE, OPTIONS',
'headers' => ['Content-Type', 'Authorization'],
'credentials' => true,
'maxAge' => 86400,
]));
Middleware Behavior
- Allowed Origins: The middleware sets the
Access-Control-Allow-Origin
header with the allowed origins. - Allowed Methods: Sets the
Access-Control-Allow-Methods
header with the permitted HTTP methods. - Allowed Headers: Sets the
Access-Control-Allow-Headers
header with the allowed headers. - Credentials: Sets the
Access-Control-Allow-Credentials
header to allow credentials if configured astrue
. - Cache Duration: Sets the
Access-Control-Max-Age
header to specify the duration for caching preflight requests. - Handling OPTIONS Requests: The middleware handles OPTIONS (preflight) requests by returning a 200 OK status and terminating the response.
Considerations
- Specific Origins: If you specify concrete origins, only those origins will be able to access your resources.
- HTTP Methods and Headers: Configure the methods and headers according to your application's needs to ensure security and compatibility.
- Preflight Requests: The middleware ensures that OPTIONS requests are handled properly to support preflight requests.