This package adds Cross-Origin Resource Sharing (CORS) support to your Laravel application.
The package is based on a framework-agnostic (PSR-7) CORS implementation.
The current version, V3, is designed for Laravel 6 or higher. If you use a lower Laravel version, please use V2.
composer require neomerx/cors-illuminate
For Lumen skip this step and see step 2.2
Create a config file by executing
php artisan vendor:publish --provider="Neomerx\CorsIlluminate\Providers\LaravelServiceProvider"
It will create the file config/cors-illuminate.php in your application.
Add the CORS middleware to your HTTP stack in the app/Http/Kernel.php file. The middleware should be added to the $middleware list, which is executed for all routes (even those not declared in your routes file), preferably before 'heavy' middleware for performance reasons.
class Kernel extends HttpKernel
{
    // ...
    protected $middleware = [
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \Neomerx\CorsIlluminate\CorsMiddleware::class, // <== add this line
        // ...
    ];
    // ...
}
Next see step 3
For Laravel skip this step
In bootstrap/app.php add CORS to the global middleware list
$app->middleware([
    // ...
    \Neomerx\CorsIlluminate\CorsMiddleware::class,
]);
and register the CORS provider
$app->register(\Neomerx\CorsIlluminate\Providers\LumenServiceProvider::class);
As Lumen does not support the vendor:publish command, the file vendor/neomerx/cors-illuminate/config/cors-illuminate.php has to be manually copied to config/cors-illuminate.php.
Next see step 3
The configuration file is extensively commented, so it is easy to set it up for your needs. The first settings you need to configure are the server origin (URL) and the allowed origins:
// ...
/**
 * Could be string or array. If specified as array (recommended for
 * better performance) it should be in parse_url() result format.
 */
Settings::KEY_SERVER_ORIGIN => [
    'scheme' => 'http',
    'host'   => 'localhost',
    'port'   => 1337,
],
/**
 * A list of allowed request origins (no trailing slashes).
 * If value is not on the list it is considered as not allowed.
 * If you want to allow all origins remove/comment this section.
 */
Settings::KEY_ALLOWED_ORIGINS => [
    'http://localhost:4200',
],
// ...
When exceptions are thrown and responses are created in Laravel/Lumen exception handlers, middleware is excluded from handling those responses. This means the CORS middleware will not add its CORS headers to them. For this reason, CORS results (including headers) are registered in the Laravel/Lumen Container and are accessible from any part of your application, including exception handlers.
Code sample for reading CORS headers:
use Neomerx\Cors\Contracts\AnalysisResultInterface;

$corsHeaders = [];
if (app()->resolved(AnalysisResultInterface::class) === true) {
    /** @var AnalysisResultInterface $result */
    $result = app(AnalysisResultInterface::class);
    $corsHeaders = $result->getResponseHeaders();
}
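One way to apply those headers to error responses, as an added example that is not part of the package's own code: a Laravel exception handler that copies the stored CORS headers onto whatever response the parent handler renders. It assumes the default App\Exceptions\Handler class and the Laravel 7+ render() signature (on Laravel 6 the type-hint is \Exception); the corsHeaders() helper name is hypothetical.

```php
<?php

namespace App\Exceptions;

use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Neomerx\Cors\Contracts\AnalysisResultInterface;
use Throwable;

class Handler extends ExceptionHandler
{
    /**
     * Render the exception as usual, then re-attach the CORS headers
     * that CorsMiddleware could not add because it was bypassed.
     */
    public function render($request, Throwable $e)
    {
        $response = parent::render($request, $e);

        foreach ($this->corsHeaders() as $name => $value) {
            // The response header bag accepts a string or an array of strings.
            $response->headers->set($name, $value);
        }

        return $response;
    }

    /**
     * Hypothetical helper (assumption, not a package API): returns the
     * headers computed by the CORS analysis, or an empty array when no
     * analysis result has been registered for this request.
     */
    private function corsHeaders(): array
    {
        if (app()->resolved(AnalysisResultInterface::class) !== true) {
            return [];
        }

        /** @var AnalysisResultInterface $result */
        $result = app(AnalysisResultInterface::class);

        return $result->getResponseHeaders();
    }
}
```

Only the headers produced by the package's own analysis are copied, so the configured allowed-origins list still decides which origins can read the error response.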
This package provides a number of ways to customize its behaviour.
The following methods of the CorsMiddleware class can be overridden in descendant classes:
- getResponseOnError
  You can override this method in order to customize the error reply.
- getCorsAnalysis
  You can override this method to modify how the CORS analysis result is saved to the Illuminate Container.
- getRequestAdapter
  You can override this method to replace the IlluminateRequestToPsr7 adapter with another one.
Additionally, a custom AnalysisStrategyInterface can be injected by
- overriding the getCreateAnalysisStrategyClosure method in ServiceProvider for Laravel/Lumen
- using a Laravel/Lumen Container binding for the AnalysisStrategyInterface interface
A custom AnalyzerInterface can also be injected by
- overriding the getCreateAnalyzerClosure method in ServiceProvider for Laravel/Lumen
- using a Laravel/Lumen Container binding for the AnalyzerInterface interface
composer test
Pull requests for documentation and code improvements (PSR-2, tests) are welcome.
This package is using Semantic Versioning.
Apache License (Version 2.0). Please see License File for more information.