CakePHP
  • Documentation
    • Book
    • API
    • Videos
    • Reporting Security Issues
    • Privacy Policy
    • Logos & Trademarks
  • Business Solutions
  • Swag
  • Road Trip
  • Team
  • Community
    • Community
    • Get Involved
    • Issues (Github)
    • Bakery
    • Featured Resources
    • Training
    • Meetups
    • My CakePHP
    • CakeFest
    • Newsletter
    • Linkedin
    • YouTube
    • Facebook
    • Twitter
    • Mastodon
    • Help & Support
    • Forum
    • Stack Overflow
    • IRC
    • Slack
    • Paid Support
CakePHP

C CakePHP 3.4 Red Velvet API

  • Project:
    • CakePHP
      • CakePHP
      • Authentication
      • Authorization
      • Chronos
      • Elastic Search
      • Queue
  • Version:
    • 3.4
      • 5.2
      • 5.1
      • 5.0
      • 4.6
      • 4.5
      • 4.4
      • 4.3
      • 4.2
      • 4.1
      • 4.0
      • 3.10
      • 3.9
      • 3.8
      • 3.7
      • 3.6
      • 3.5
      • 3.4
      • 3.3
      • 3.2
      • 3.1
      • 3.0
      • 2.10
      • 2.9
      • 2.8
      • 2.7
      • 2.6
      • 2.5
      • 2.4
      • 2.3
      • 2.2
      • 2.1
      • 2.0
      • 1.3
      • 1.2

Namespaces

  • Global
  • Cake
    • Auth
    • Cache
    • Collection
    • Console
    • Controller
    • Core
    • Database
    • Datasource
    • Error
    • Event
    • Filesystem
    • Form
    • Http
    • I18n
    • Log
    • Mailer
    • Network
      • Exception
      • Session
    • ORM
    • Routing
    • Shell
    • TestSuite
    • Utility
    • Validation
    • View

Class CorsBuilder

A builder object that assists in defining Cross Origin Request related headers.

Each of the methods in this object provide a fluent interface. Once you've set all the headers you want to use, the build() method can be used to return a modified Response.

It is most convenient to get this object via Request::cors().

Namespace: Cake\Network
See: \Cake\Http\Response::cors()

Property Summary

  • $_headers protected
    array

    The headers that have been queued so far.

  • $_isSsl protected
    bool

    Whether or not the request was over SSL.

  • $_origin protected
    string

    The request's Origin header value

  • $_response protected
    Cake\Http\Response

    The response object this builder is attached to.

Method Summary

  • __construct() public

    Constructor.

  • _normalizeDomains() protected

    Normalize the origin to regular expressions and put in an array format

  • allowCredentials() public

    Enable cookies to be sent in CORS requests.

  • allowHeaders() public

    Whitelist headers that can be sent in CORS requests.

  • allowMethods() public

    Set the list of allowed HTTP Methods.

  • allowOrigin() public

    Set the list of allowed domains.

  • build() public

    Apply the queued headers to the response.

  • exposeHeaders() public

    Define the headers a client library/browser can expose to scripting

  • maxAge() public

    Define the max-age preflight OPTIONS requests are valid for.

Method Detail

__construct() ¶ public 

__construct(Cake\Http\Response $response, string $origin, bool $isSsl = false)

Constructor.

Parameters
Cake\Http\Response $response

The response object to add headers onto.

string $origin

The request's Origin header.

bool $isSsl optional

Whether or not the request was over SSL.

_normalizeDomains() ¶ protected 

_normalizeDomains(array $domains): array

Normalize the origin to regular expressions and put in an array format

Parameters
array $domains

Domain names to normalize.

Returns
array

allowCredentials() ¶ public 

allowCredentials(): $this

Enable cookies to be sent in CORS requests.

Returns
$this

allowHeaders() ¶ public 

allowHeaders(array $headers): $this

Whitelist headers that can be sent in CORS requests.

Parameters
array $headers

The list of headers to accept in CORS requests.

Returns
$this

allowMethods() ¶ public 

allowMethods(array $methods): $this

Set the list of allowed HTTP Methods.

Parameters
array $methods

The allowed HTTP methods

Returns
$this

allowOrigin() ¶ public 

allowOrigin(string|array $domain): $this

Set the list of allowed domains.

Accepts a string or an array of domains that have CORS enabled. You can use *.example.com wildcards to accept subdomains, or * to allow all domains

Parameters
string|array $domain

The allowed domains

Returns
$this

build() ¶ public 

build(): Cake\Http\Response

Apply the queued headers to the response.

If the builder has no Origin, or if there are no allowed domains, or if the allowed domains do not match the Origin header no headers will be applied.

Returns
Cake\Http\Response

exposeHeaders() ¶ public 

exposeHeaders(array $headers): $this

Define the headers a client library/browser can expose to scripting

Parameters
array $headers

The list of headers to expose CORS responses

Returns
$this

maxAge() ¶ public 

maxAge(int $age): $this

Define the max-age preflight OPTIONS requests are valid for.

Parameters
int $age

The max-age for OPTIONS requests in seconds

Returns
$this

Property Detail

$_headers ¶ protected

The headers that have been queued so far.

Type
array

$_isSsl ¶ protected

Whether or not the request was over SSL.

Type
bool

$_origin ¶ protected

The request's Origin header value

Type
string

$_response ¶ protected

The response object this builder is attached to.

Type
Cake\Http\Response
OpenHub
Pingping
Linode
  • Business Solutions
  • Showcase
  • Documentation
  • Book
  • API
  • Videos
  • Reporting Security Issues
  • Privacy Policy
  • Logos & Trademarks
  • Community
  • Get Involved
  • Issues (Github)
  • Bakery
  • Featured Resources
  • Training
  • Meetups
  • My CakePHP
  • CakeFest
  • Newsletter
  • Linkedin
  • YouTube
  • Facebook
  • Twitter
  • Mastodon
  • Help & Support
  • Forum
  • Stack Overflow
  • IRC
  • Slack
  • Paid Support

Generated using CakePHP API Docs