Class CorsBuilder
A builder object that assists in defining Cross Origin Request related headers.
Each of the methods in this object provide a fluent interface. Once you've
set all the headers you want to use, the build()
method can be used to return
a modified Response.
It is most convenient to get this object via Request::cors()
.
Property Summary
-
$_headers protected
array
The headers that have been queued so far.
-
$_isSsl protected
bool
Whether or not the request was over SSL.
-
$_origin protected
string
The request's Origin header value
-
$_response protected
Cake\Http\Response
The response object this builder is attached to.
Method Summary
-
__construct() public
Constructor.
-
_normalizeDomains() protected
Normalize the origin to regular expressions and put in an array format
-
allowCredentials() public
Enable cookies to be sent in CORS requests.
-
allowHeaders() public
Whitelist headers that can be sent in CORS requests.
-
allowMethods() public
Set the list of allowed HTTP Methods.
-
allowOrigin() public
Set the list of allowed domains.
-
build() public
Apply the queued headers to the response.
-
exposeHeaders() public
Define the headers a client library/browser can expose to scripting
-
maxAge() public
Define the max-age preflight OPTIONS requests are valid for.
Method Detail
__construct() ¶ public
__construct(Cake\Http\Response $response, string $origin, bool $isSsl = false)
Constructor.
Parameters
-
Cake\Http\Response
$response The response object to add headers onto.
-
string
$origin The request's Origin header.
-
bool
$isSsl optional Whether or not the request was over SSL.
_normalizeDomains() ¶ protected
_normalizeDomains(array $domains): array
Normalize the origin to regular expressions and put in an array format
Parameters
-
array
$domains Domain names to normalize.
Returns
array
allowCredentials() ¶ public
allowCredentials(): $this
Enable cookies to be sent in CORS requests.
Returns
$this
allowHeaders() ¶ public
allowHeaders(array $headers): $this
Whitelist headers that can be sent in CORS requests.
Parameters
-
array
$headers The list of headers to accept in CORS requests.
Returns
$this
allowMethods() ¶ public
allowMethods(array $methods): $this
Set the list of allowed HTTP Methods.
Parameters
-
array
$methods The allowed HTTP methods
Returns
$this
allowOrigin() ¶ public
allowOrigin(string|array $domain): $this
Set the list of allowed domains.
Accepts a string or an array of domains that have CORS enabled.
You can use *.example.com
wildcards to accept subdomains, or *
to allow all domains
Parameters
-
string|array
$domain The allowed domains
Returns
$this
build() ¶ public
build(): Cake\Http\Response
Apply the queued headers to the response.
If the builder has no Origin, or if there are no allowed domains, or if the allowed domains do not match the Origin header no headers will be applied.
Returns
Cake\Http\Response
exposeHeaders() ¶ public
exposeHeaders(array $headers): $this
Define the headers a client library/browser can expose to scripting
Parameters
-
array
$headers The list of headers to expose CORS responses
Returns
$this
maxAge() ¶ public
maxAge(int $age): $this
Define the max-age preflight OPTIONS requests are valid for.
Parameters
-
int
$age The max-age for OPTIONS requests in seconds
Returns
$this