Class CorsBuilder

A builder object that assists in defining Cross Origin Request related headers.

Each of the methods in this object provide a fluent interface. Once you've set all the headers you want to use, the build() method can be used to return a modified Response.

It is most convenient to get this object via Request::cors().

Namespace: Cake\Http

Properties summary

  • $_headers protected
    array

    The headers that have been queued so far.

  • $_isSsl protected
    bool

    Whether or not the request was over SSL.

  • $_origin protected
    string

    The request's Origin header value

  • $_response protected
    \Psr\Http\Message\MessageInterface

    The response object this builder is attached to.

Method Summary

  • __construct() public

    Constructor.

  • _normalizeDomains() protected

    Normalize the origin to regular expressions and put in an array format

  • allowCredentials() public

    Enable cookies to be sent in CORS requests.

  • allowHeaders() public

    Allowed headers that can be sent in CORS requests.

  • allowMethods() public

    Set the list of allowed HTTP Methods.

  • allowOrigin() public

    Set the list of allowed domains.

  • build() public

    Apply the queued headers to the response.

  • exposeHeaders() public

    Define the headers a client library/browser can expose to scripting

  • maxAge() public

    Define the max-age preflight OPTIONS requests are valid for.

Method Detail

__construct() public 

__construct(\Psr\Http\Message\MessageInterface $response, string $origin, bool $isSsl)

Constructor.

Parameters

\Psr\Http\Message\MessageInterface $response

The response object to add headers onto.

string $origin

The request's Origin header.

bool $isSsl optional

Whether or not the request was over SSL.

_normalizeDomains() protected 

_normalizeDomains(array $domains)

Normalize the origin to regular expressions and put in an array format

Parameters

string[] $domains

Domain names to normalize.

Returns

array

allowCredentials() public 

allowCredentials()

Enable cookies to be sent in CORS requests.

Returns

$this

allowHeaders() public 

allowHeaders(array $headers)

Allowed headers that can be sent in CORS requests.

Parameters

string[] $headers

The list of headers to accept in CORS requests.

Returns

$this

allowMethods() public 

allowMethods(array $methods)

Set the list of allowed HTTP Methods.

Parameters

string[] $methods

The allowed HTTP methods

Returns

$this

allowOrigin() public 

allowOrigin(mixed $domains)

Set the list of allowed domains.

Accepts a string or an array of domains that have CORS enabled. You can use *.example.com wildcards to accept subdomains, or * to allow all domains

Parameters

string|string[] $domains

The allowed domains

Returns

$this

build() public 

build()

Apply the queued headers to the response.

If the builder has no Origin, or if there are no allowed domains, or if the allowed domains do not match the Origin header no headers will be applied.

Returns

\Psr\Http\Message\MessageInterface

A new instance of the response with new headers.

exposeHeaders() public 

exposeHeaders(array $headers)

Define the headers a client library/browser can expose to scripting

Parameters

string[] $headers

The list of headers to expose CORS responses

Returns

$this

maxAge() public 

maxAge(mixed $age)

Define the max-age preflight OPTIONS requests are valid for.

Parameters

int|string $age

The max-age for OPTIONS requests in seconds

Returns

$this

Property Detail

$_headers protected

The headers that have been queued so far.

Type

array

$_isSsl protected

Whether or not the request was over SSL.

Type

bool

$_origin protected

The request's Origin header value

Type

string

$_response protected

The response object this builder is attached to.

Type

\Psr\Http\Message\MessageInterface

© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.1/class-Cake.Http.CorsBuilder.html