-
Notifications
You must be signed in to change notification settings - Fork 1
CORS
Alexandre Debusschère edited this page Aug 17, 2020
·
1 revision
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.
It is usually recommended to set CORS directly in your web server, but if for some reason you want to deal with CORS in PHP, here is the solution: create a new middleware at the beginning of your pipeline.
Create a new CorsMiddleware
class in src/Middleware/CorsMiddleware.php
:
namespace App\Middleware;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
class CorsMiddleware implements MiddlewareInterface
{
/**
* @inheritDoc
*/
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
return $handler->handle($request)
->withHeader('Access-Control-Allow-Origin', '*')
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');
}
}
You need to place at the beginning of the timeline:
return function (App $app): void {
$app->pipe(ErrorHandlerMiddleware::class);
// Place it here
$app->pipe(CorsMiddleware::class);
$app->pipe(TrailingSlashMiddleware::class);
$app->pipe(ContentLengthMiddleware::class);
$app->pipe('/api', [
ApiMiddleware::class,
BodyParserMiddleware::class
]);
$app->pipe(RouteMiddleware::class);
$app->pipe(ImplicitHeadMiddleware::class);
$app->pipe(ImplicitOptionsMiddleware::class);
$app->pipe(MethodNotAllowedMiddleware::class);
$app->pipe(DispatchMiddleware::class);
$app->pipe(NotFoundHandlerMiddleware::class);
};