Class CorsBuilder

A builder object that assists in defining Cross Origin Request related headers.

Each of the methods in this object provide a fluent interface. Once you've set all the headers you want to use, the build() method can be used to return a modified Response.

It is most convenient to get this object via Request::cors().

Namespace: Cake\Http
See: \Cake\Http\Response::cors()
Location: Http/CorsBuilder.php

Properties summary

  • $_headers protected
    array
    The headers that have been queued so far.
  • $_isSsl protected
    boolean
    Whether or not the request was over SSL.
  • $_origin protected
    string
    The request's Origin header value
  • $_response protected
    Psr\Http\Message\MessageInterface
    The response object this builder is attached to.

Method Summary

  • __construct() public
    Constructor.
  • Normalize the origin to regular expressions and put in an array format
  • Enable cookies to be sent in CORS requests.
  • Whitelist headers that can be sent in CORS requests.
  • Set the list of allowed HTTP Methods.
  • allowOrigin() public
    Set the list of allowed domains.
  • build() public
    Apply the queued headers to the response.
  • Define the headers a client library/browser can expose to scripting
  • maxAge() public
    Define the max-age preflight OPTIONS requests are valid for.

Method Detail

__construct()source public

__construct( Psr\Http\Message\MessageInterface $response , string $origin , boolean $isSsl = false )

Constructor.

Parameters

Psr\Http\Message\MessageInterface $response
The response object to add headers onto.
string $origin
The request's Origin header.
boolean $isSsl optional false
Whether or not the request was over SSL.

_normalizeDomains()source protected

_normalizeDomains( array $domains )

Normalize the origin to regular expressions and put in an array format

Parameters

array $domains
Domain names to normalize.

Returns

array

allowCredentials()source public

allowCredentials( )

Enable cookies to be sent in CORS requests.

Returns


$this

allowHeaders()source public

allowHeaders( array $headers )

Whitelist headers that can be sent in CORS requests.

Parameters

array $headers
The list of headers to accept in CORS requests.

Returns


$this

allowMethods()source public

allowMethods( array $methods )

Set the list of allowed HTTP Methods.

Parameters

array $methods
The allowed HTTP methods

Returns


$this

allowOrigin()source public

allowOrigin( string|array $domain )

Set the list of allowed domains.

Accepts a string or an array of domains that have CORS enabled. You can use *.example.com wildcards to accept subdomains, or * to allow all domains

Parameters

string|array $domain
The allowed domains

Returns


$this

build()source public

build( )

Apply the queued headers to the response.

If the builder has no Origin, or if there are no allowed domains, or if the allowed domains do not match the Origin header no headers will be applied.

Returns

Psr\Http\Message\MessageInterface
A new instance of the response with new headers.

exposeHeaders()source public

exposeHeaders( array $headers )

Define the headers a client library/browser can expose to scripting

Parameters

array $headers
The list of headers to expose CORS responses

Returns


$this

maxAge()source public

maxAge( integer $age )

Define the max-age preflight OPTIONS requests are valid for.

Parameters

integer $age
The max-age for OPTIONS requests in seconds

Returns


$this

Properties detail

$_headerssource

protected array

The headers that have been queued so far.

[]

$_isSslsource

protected boolean

Whether or not the request was over SSL.

$_originsource

protected string

The request's Origin header value

$_responsesource

protected Psr\Http\Message\MessageInterface

The response object this builder is attached to.

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.6/class-Cake.Http.CorsBuilder.html