neomerx / cors-illuminate by neomerx

CORS (Cross-Origin Resource Sharing) support for Laravel and Lumen
93,545
48
4
Package Data
Maintainer Username: neomerx
Maintainer Contact: info@neomerx.com (neomerx)
Package Create Date: 2015-08-07
Package Last Update: 2020-12-30
Language: PHP
License: Apache-2.0
Last Refreshed: 2024-12-19 03:20:18
Package Statistics
Total Downloads: 93,545
Monthly Downloads: 228
Daily Downloads: 7
Total Stars: 48
Total Watchers: 4
Total Forks: 6
Total Open Issues: 2

Project Management Scrutinizer Code Quality Code Coverage Build Status License

Description

This package adds Cross-Origin Resource Sharing (CORS) support to your Laravel application.

The package is based on Framework agnostic (PSR-7) CORS implementation.

Install

1 Composer

composer require neomerx/cors-illuminate

2.1 Laravel 5.5+

For Laravel prior 5.5 skip this step and see step 2.2

For Lumen skip this step and see step 2.3

Create a config file by executing

php artisan vendor:publish --provider="Neomerx\CorsIlluminate\Providers\LaravelServiceProvider"

it will create config/cors-illuminate.php file in you application.

Next see step 3

2.2 Laravel

For Laravel 5.5+ skip this step and see step 3

For Lumen skip this step and see step 2.3

Add CORS provider by adding the following line to your config/app.php file

<?php

return [

    ...

    'providers' => [

        ...

        \Neomerx\CorsIlluminate\Providers\LaravelServiceProvider::class,

    ],
    
    ...

];

Add CORS middleware to your HTTP stack at app/Http/Kernel.php file. The middleware should be added to $middleware list which is executed for all routes (even non declared in your routes file). Preferably before 'heavy' middleware for performance reasons.

class Kernel extends HttpKernel
{
    ...

    protected $middleware = [
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \Neomerx\CorsIlluminate\CorsMiddleware::class, // <== add this line
        
        ...
    ];
    
    ...
}

Create a config file by executing

php artisan vendor:publish --provider="Neomerx\CorsIlluminate\Providers\LaravelServiceProvider"

it will create config/cors-illuminate.php file in you application.

Next see step 3

2.3 Lumen

For Laravel skip this step

In bootstrap/app.php add CORS to global middleware list

$app->middleware([
    ...
    \Neomerx\CorsIlluminate\CorsMiddleware::class,
]);

and register CORS provider

$app->register(\Neomerx\CorsIlluminate\Providers\LumenServiceProvider::class);

As Lumen does not support vendor:publish command file vendor/neomerx/cors-illuminate/config/cors-illuminate.php have to be manually copied to config/cors-illuminate.php.

Next see step 3

3 Configuration

Configuration file is extensively commented so it will be easy for you to set up it for your needs. First settings you need to configure are server origin (URL) and allowed origins

    ...
    
    /**
     * Could be string or array. If specified as array (recommended for
     * better performance) it should be in parse_url() result format.
     */
    Settings::KEY_SERVER_ORIGIN => [
        'scheme' => 'http',
        'host'   => 'localhost',
        'port'   => 1337,
    ],

    /**
     * A list of allowed request origins (lower-cased, no trail slashes).
     * Value `true` enables and value `null` disables origin.
     * If value is not on the list it is considered as not allowed.
     * Environment variables could be used for enabling/disabling certain hosts.
     */
    Settings::KEY_ALLOWED_ORIGINS => [
        'http://localhost:4200' => true,
    ],
    
    ...

Exceptions and CORS headers

When exceptions are thrown and responses are created in Laravel/Lumen exception handlers middleware will be excluded from handling responses. It means CORS middleware will not add its CORS headers to responses. For this reason CORS results (including headers) are registered in Laravel/Lumen Container and made accessible from any part of your application including exception handlers.

Code sample for reading CORS headers

$corsHeaders = [];
if (app()->resolved(AnalysisResultInterface::class) === true) {
    /** @var AnalysisResultInterface $result */
    $result = app(AnalysisResultInterface::class);
    $corsHeaders = $result->getResponseHeaders();
}

Customization

This package provides a number of ways how its behaviour could be customized.

The following methods of class CorsMiddleware could be overriden

  • getResponseOnError You can override this method in order to customize error reply.
  • getCorsAnalysis You can override this method to modify how CORS analysis result is saved to Illuminate Container.
  • getRequestAdapter You can override this method to replace IlluminateRequestToPsr7 adapter with another one.

Additionally a custom AnalysisStrategyInterface could be injected by

  • overriding getCreateAnalysisStrategyClosure method in ServiceProvider for Laravel/Lumen
  • using Laravel/Lumen Container binding for interface AnalysisStrategyInterface

Also custom AnalyzerInterface could be injected by

Testing

composer test

Contributing

Pull requests for documentation and code improvements (PSR-2, tests) are welcome.

Versioning

This package is using Semantic Versioning.

License

Apache License (Version 2.0). Please see License File for more information.