PHP CORS middleware

1.1.0 2018-04-25 20:35 UTC

This package is auto-updated.

Last update: 2022-07-25 22:45:20 UTC


This middleware handles CORS requests and adds cors headers


This middleware can be installed with composer.

$ composer require los/los-cors


  * Set the list of allowed origins domain with protocol.
  * For example:
  * 'allowed_origins' => ['http://www.mysite.com','https://api.mysite.com'],
'allowed_origins' => ['*'],

  * Set the list of HTTP verbs.
'allowed_methods' => ['GET', 'OPTIONS'],

  * Set the list of allowed headers. This is returned in the preflight request to indicate
  * which HTTP headers can be used when making the actual request
'allowed_headers' => ['Authorization', 'Accept', 'Content-Type'],

  * Set the max age of the preflight request in seconds. A non-zero max age means
  * that the preflight will be cached during this amount of time
'max_age' => 120,

  * Set the list of exposed headers. This is a whitelist that authorize the browser
  * to access to some headers using the getResponseHeader() JavaScript method. Please
  * note that this feature is buggy and some browsers do not implement it correctly
'expose_headers' => [],

  * Standard CORS requests do not send or set any cookies by default. For this to work,
  * the client must set the XMLHttpRequest's "withCredentials" property to "true". For
  * this to work, you must set this option to true so that the server can serve
  * the proper response header.
'allowed_credentials' => false,

Zend Expressive

If you are using expressive-skeleton, you can copy config/los-cors.global.php.dist to config/autoload/los-cors.global.php and modify configuration as your needs.