bradleyhodges/api-manager

CORS
in package

CORS class to manage Cross-Origin Resource Sharing (CORS) in a secure and RFC-compliant manner.

This class provides methods to handle CORS requests and integrates optional logging functionality.

Table of Contents

Methods

__construct()  : mixed
CORS constructor.
handleCORS()  : void
Handles Cross-Origin Resource Sharing (CORS) requests in an RFC-compliant manner.
setResponseManager()  : void
Sets the response manager instance to use for sending HTTP responses.

Methods

__construct()

CORS constructor.

public __construct(ErrorLogger $errorLogger) : mixed

Initializes the CORS handler with an error logger instance.

Parameters
$errorLogger : ErrorLogger

The logger instance to use for error logging.

handleCORS()

Handles Cross-Origin Resource Sharing (CORS) requests in an RFC-compliant manner.

public handleCORS([array<string|int, mixed>|null $allowedOrigins = null ][, bool $allowCredentials = false ][, array<string|int, mixed> $allowedMethods = ['GET', 'POST', 'OPTIONS'] ][, array<string|int, mixed> $allowedHeaders = ['Content-Type', 'Authorization'] ][, array<string|int, mixed> $exposedHeaders = [] ][, int $maxAge = 86400 ]) : void

Sends the necessary headers to allow cross-origin requests from approved origins.

Parameters
$allowedOrigins : array<string|int, mixed>|null = null

An array of allowed origins. If null or empty, no origins are allowed. The origins must be fully qualified domain names (e.g., https://example.com).

$allowCredentials : bool = false

Whether to allow credentials (cookies, authorization headers, etc.).

$allowedMethods : array<string|int, mixed> = ['GET', 'POST', 'OPTIONS']

The allowed HTTP methods for CORS requests (e.g., ['GET', 'POST']).

$allowedHeaders : array<string|int, mixed> = ['Content-Type', 'Authorization']

The allowed custom headers for CORS requests (e.g., ['Content-Type', 'Authorization']).

$exposedHeaders : array<string|int, mixed> = []

The headers that are safe to expose to the client (e.g., ['X-Custom-Header']).

$maxAge : int = 86400

The time in seconds that the results of a preflight request can be cached (default: 86400).

Tags
throws
Exception

If an unsupported HTTP method is requested during preflight OPTIONS checks.

throws
RuntimeException

If headers have already been sent before calling this function.

setResponseManager()

Sets the response manager instance to use for sending HTTP responses.

public setResponseManager(ApiResponseManager $apiResponseManager) : void
Parameters
$apiResponseManager : ApiResponseManager 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results