CakePHP
  • Documentation
    • Book
    • API
    • Videos
    • Reporting Security Issues
    • Privacy Policy
    • Logos & Trademarks
  • Business Solutions
  • Swag
  • Road Trip
  • Team
  • Community
    • Community
    • Get Involved
    • Issues (Github)
    • Bakery
    • Featured Resources
    • Training
    • Meetups
    • My CakePHP
    • CakeFest
    • Newsletter
    • Linkedin
    • YouTube
    • Facebook
    • Twitter
    • Mastodon
    • Help & Support
    • Forum
    • Stack Overflow
    • IRC
    • Slack
    • Paid Support
CakePHP

C CakePHP 5.1 Chiffon API

  • Project:
    • CakePHP
      • CakePHP
      • Chronos
      • Elastic Search
      • Queue
  • Version:
    • 5.1
      • 5.1
      • 5.0
      • 4.5
      • 4.4
      • 4.3
      • 4.2
      • 4.1
      • 4.0
      • 3.10
      • 3.9
      • 3.8
      • 3.7
      • 3.6
      • 3.5
      • 3.4
      • 3.3
      • 3.2
      • 3.1
      • 3.0
      • 2.10
      • 2.9
      • 2.8
      • 2.7
      • 2.6
      • 2.5
      • 2.4
      • 2.3
      • 2.2
      • 2.1
      • 2.0
      • 1.3
      • 1.2

Namespaces

  • Global
  • Cake
    • Cache
    • Collection
    • Command
    • Console
    • Controller
    • Core
    • Database
    • Datasource
    • Error
    • Event
    • Form
    • Http
      • Client
      • Cookie
      • Exception
      • Middleware
      • Session
      • TestSuite
    • I18n
    • Log
    • Mailer
    • Network
    • ORM
    • Routing
    • TestSuite
    • Utility
    • Validation
    • View

Class CorsBuilder

A builder object that assists in defining Cross Origin Request related headers.

Each of the methods in this object provide a fluent interface. Once you've set all the headers you want to use, the build() method can be used to return a modified Response.

It is most convenient to get this object via Response::cors().

Namespace: Cake\Http
See: \Cake\Http\Response::cors()

Property Summary

  • $_headers protected
    array<string, mixed>

    The headers that have been queued so far.

  • $_isSsl protected
    bool

    Whether the request was over SSL.

  • $_origin protected
    string

    The request's Origin header value

  • $_response protected
    Psr\Http\Message\ResponseInterface

    The response object this builder is attached to.

Method Summary

  • __construct() public

    Constructor.

  • _normalizeDomains() protected

    Normalize the origin to regular expressions and put in an array format

  • allowCredentials() public

    Enable cookies to be sent in CORS requests.

  • allowHeaders() public

    Allowed headers that can be sent in CORS requests.

  • allowMethods() public

    Set the list of allowed HTTP Methods.

  • allowOrigin() public

    Set the list of allowed domains.

  • build() public

    Apply the queued headers to the response.

  • exposeHeaders() public

    Define the headers a client library/browser can expose to scripting

  • maxAge() public

    Define the max-age preflight OPTIONS requests are valid for.

Method Detail

__construct() ¶ public 

__construct(Psr\Http\Message\ResponseInterface $response, string $origin, bool $isSsl = false)

Constructor.

Parameters
Psr\Http\Message\ResponseInterface $response

The response object to add headers onto.

string $origin

The request's Origin header.

bool $isSsl optional

Whether the request was over SSL.

_normalizeDomains() ¶ protected 

_normalizeDomains(list<string> $domains): array<array<string, string>>

Normalize the origin to regular expressions and put in an array format

Parameters
list<string> $domains

Domain names to normalize.

Returns
array<array<string, string>>

allowCredentials() ¶ public 

allowCredentials(): $this

Enable cookies to be sent in CORS requests.

Returns
$this

allowHeaders() ¶ public 

allowHeaders(list<string> $headers): $this

Allowed headers that can be sent in CORS requests.

Parameters
list<string> $headers

The list of headers to accept in CORS requests.

Returns
$this

allowMethods() ¶ public 

allowMethods(list<string> $methods): $this

Set the list of allowed HTTP Methods.

Parameters
list<string> $methods

The allowed HTTP methods

Returns
$this

allowOrigin() ¶ public 

allowOrigin(list<string>|string $domains): $this

Set the list of allowed domains.

Accepts a string or an array of domains that have CORS enabled. You can use *.example.com wildcards to accept subdomains, or * to allow all domains

Parameters
list<string>|string $domains

The allowed domains

Returns
$this

build() ¶ public 

build(): Psr\Http\Message\ResponseInterface

Apply the queued headers to the response.

If the builder has no Origin, or if there are no allowed domains, or if the allowed domains do not match the Origin header no headers will be applied.

Returns
Psr\Http\Message\ResponseInterface

exposeHeaders() ¶ public 

exposeHeaders(list<string> $headers): $this

Define the headers a client library/browser can expose to scripting

Parameters
list<string> $headers

The list of headers to expose CORS responses

Returns
$this

maxAge() ¶ public 

maxAge(string|int $age): $this

Define the max-age preflight OPTIONS requests are valid for.

Parameters
string|int $age

The max-age for OPTIONS requests in seconds

Returns
$this

Property Detail

$_headers ¶ protected

The headers that have been queued so far.

Type
array<string, mixed>

$_isSsl ¶ protected

Whether the request was over SSL.

Type
bool

$_origin ¶ protected

The request's Origin header value

Type
string

$_response ¶ protected

The response object this builder is attached to.

Type
Psr\Http\Message\ResponseInterface
OpenHub
Pingping
Linode
  • Business Solutions
  • Showcase
  • Documentation
  • Book
  • API
  • Videos
  • Reporting Security Issues
  • Privacy Policy
  • Logos & Trademarks
  • Community
  • Get Involved
  • Issues (Github)
  • Bakery
  • Featured Resources
  • Training
  • Meetups
  • My CakePHP
  • CakeFest
  • Newsletter
  • Linkedin
  • YouTube
  • Facebook
  • Twitter
  • Mastodon
  • Help & Support
  • Forum
  • Stack Overflow
  • IRC
  • Slack
  • Paid Support

Generated using CakePHP API Docs