creatuity / magento-2-cors-requests
Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain
Installs: 3 796
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 30
Open Issues: 0
Type:magento2-module
Requires
- php: ^8.1
- magento/framework: *
This package is auto-updated.
Last update: 2024-11-12 14:47:36 UTC
README
Forked from splashlab/magento-2-cors-requests: https://github.com/splashlab/magento-2-cors-requests
This module allows you to enable Cross-Origin Resource Sharing (CORS) REST API requests in Magento 2 by adding the appropriate HTTP headers and handling the pre-flight OPTIONS requests.
This can be used to allow AJAX and other requests to the Magento 2 REST API from another domain (or subdomain).
How to install
1. via composer
Edit composer.json
{
"repositories": [
{
"type": "vcs",
"url": "https://github.com/creatuity/magento-2-cors-requests.git"
}
],
"require": {
"creatuity/magento-2-cors-requests": "dev-master"
}
}
composer install
php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy
2. Copy and paste
Download latest version from GitHub
Paste into app/code/Creatuity/CorsRequests
directory
php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy
3. Update Origin URL
In Stores -> Configuration
, go to General -> Web -> CORS Requests Configuration
.
Then edit the CORS Origin Url
field to the domain you want to enable cross-domain requests from. (i.e. http://example.com)
How does it work?
The full implementation of CORS cross-domain HTTP requests is outside the scope of this README, but this is what this module does:
- Allows configuring an Origin Url in the Admin Configuration area - this is the domain which cross-domain requests are permitted from
- This domain is added to a
Access-Control-Allow-Origin
response HTTP header - Optionally you can enable the
Access-Control-Allow-Credentials
header as well, to enable passing cookies
For non-GET and non-standard-POST requests (i.e. PUT and DELETE), the "pre-flight check" OPTIONS request is handled by:
- An empty
/V1/cors/check
API response with the appropriate headers: Access-Control-Allow-Methods
response header, which mirrors theAccess-Control-Request-Method
request headerAccess-Control-Allow-Headers
response header, which mirrors theAccess-Control-Request-Headers
request header