Class CorsBuilder
A builder object that assists in defining Cross Origin Request related headers.
Each of the methods in this object provide a fluent interface. Once you've set all the headers you want to use, the build()
method can be used to return a modified Response.
It is most convenient to get this object via Request::cors()
.
Properties summary
-
$_headers
protectedThe headers that have been queued so far.array
-
$_isSsl
protectedWhether or not the request was over SSL.boolean
-
$_origin
protectedThe request's Origin header valuestring
-
$_response
protectedThe response object this builder is attached to.Psr\Http\Message\MessageInterface
Method Summary
- __construct() publicConstructor.
- _normalizeDomains() protectedNormalize the origin to regular expressions and put in an array format
- allowCredentials() publicEnable cookies to be sent in CORS requests.
- allowHeaders() publicWhitelist headers that can be sent in CORS requests.
- allowMethods() publicSet the list of allowed HTTP Methods.
- allowOrigin() publicSet the list of allowed domains.
- build() publicApply the queued headers to the response.
- exposeHeaders() publicDefine the headers a client library/browser can expose to scripting
- maxAge() publicDefine the max-age preflight OPTIONS requests are valid for.
Method Detail
__construct()source public
__construct( Psr\Http\Message\MessageInterface $response , string $origin , boolean $isSsl = false )
Constructor.
Parameters
- Psr\Http\Message\MessageInterface
$response
- The response object to add headers onto.
- string
$origin
- The request's Origin header.
- boolean
$isSsl
optional false - Whether or not the request was over SSL.
_normalizeDomains()source protected
_normalizeDomains( array $domains )
Normalize the origin to regular expressions and put in an array format
Parameters
- array
$domains
- Domain names to normalize.
Returns
arrayallowCredentials()source public
allowCredentials( )
Enable cookies to be sent in CORS requests.
Returns
$this
allowHeaders()source public
allowHeaders( array $headers )
Whitelist headers that can be sent in CORS requests.
Parameters
- array
$headers
- The list of headers to accept in CORS requests.
Returns
$this
allowMethods()source public
allowMethods( array $methods )
Set the list of allowed HTTP Methods.
Parameters
- array
$methods
- The allowed HTTP methods
Returns
$this
allowOrigin()source public
allowOrigin( string|array $domain )
Set the list of allowed domains.
Accepts a string or an array of domains that have CORS enabled. You can use *.example.com
wildcards to accept subdomains, or *
to allow all domains
Parameters
- string|array
$domain
- The allowed domains
Returns
$this
build()source public
build( )
Apply the queued headers to the response.
If the builder has no Origin, or if there are no allowed domains, or if the allowed domains do not match the Origin header no headers will be applied.
Returns
Psr\Http\Message\MessageInterfaceA new instance of the response with new headers.
exposeHeaders()source public
exposeHeaders( array $headers )
Define the headers a client library/browser can expose to scripting
Parameters
- array
$headers
- The list of headers to expose CORS responses
Returns
$this
maxAge()source public
maxAge( integer $age )
Define the max-age preflight OPTIONS requests are valid for.
Parameters
- integer
$age
- The max-age for OPTIONS requests in seconds
Returns
$this
Properties detail
$_responsesource
protected Psr\Http\Message\MessageInterface
The response object this builder is attached to.
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.6/class-Cake.Http.CorsBuilder.html