mahmoud-birdsol / cors-laravel
Laravel Cross origin resource sharing package
Requires
- illuminate/http: ^5.2
- illuminate/support: ^5.2
This package is auto-updated.
Last update: 2024-10-24 00:14:06 UTC
README
This package give's a middleware to allow for resource sharing across different origins useful for api development with laravel. This package is still in development more options will be added
Usage
Require the package through composer
composer require mahmoud-birdsol/cors-laravel:dev-master
Add the service provider to the app service providers in config/app.php
/*
* Other Service Providers...
*/
MahmoudBirdsol\CORSLaravel\CORSServiceProvider::class,
Publish the config file (cors.php)
php artisan vendor:publish --provider="MahmoudBirdsol\CORSLaravel\CORSServiceProvider"
Add the middleware to the api route group
'api' => [
'throttle:60,1',
MahmoudBirdsol\CORSLaravel\CORSMiddleware::class,
],
Modify the config/cors.php
file sensible defaults exist for all options except for the allowed origins.
<?php
/*
|--------------------------------------------------------------------------
| CORS, Cross Origin Resource Sharing Config File
|--------------------------------------------------------------------------
|
*/
return [
/*
|--------------------------------------------------------------------------
| Local environment
|--------------------------------------------------------------------------
|
| This options will simple allow for requests without HTTP_ORIGIN to go
| through if set to true an will abort with an unauthorized response
| if false. Also note if the APP_ENV is not set to local in .env
| file this option will be overridden by the .env file option.
|
*/
'local' => true,
/*
|--------------------------------------------------------------------------
| Internal Requests
|--------------------------------------------------------------------------
|
| Internal will simply allow for internal api requests the default is true
| but change to false if you'r app is just an api layer. If set true it
| will allow for dingo API internal requests other wise se to false.
|
*/
'internal' => true,
/*
|--------------------------------------------------------------------------
| Allowed Origins
|--------------------------------------------------------------------------
|
| These are the allowed origins to make requests to this application
| you can add as many origins as your application requires to this
| array each request will be validated through the middleware.
|
| To make all origins allowed just remove the array syntax
| and add *
|
*/
'origins' => [
],
/*
|--------------------------------------------------------------------------
| Access control allow credentials
|--------------------------------------------------------------------------
|
| The credentials variable can be either true or false.
|
*/
'credentials' => true,
/*
|--------------------------------------------------------------------------
| Allowed methods for a CORS request
|--------------------------------------------------------------------------
*/
'methods' => [
'GET',
'POST',
'PATCH',
'PUT',
'DELETE',
'OPTIONS'
],
/*
|--------------------------------------------------------------------------
| Allowed headers for a CORS request
|--------------------------------------------------------------------------
*/
'headers' => [
'Origin',
'Content-Type',
'X-Auth-Token',
'X-Requested-With',
'Authorization',
'Accept',
]
];
And that's it
Extended usage
In most cases you would want to exclude the api route's from the VerifyCsrfToken middleware so in add the api prefix to the except array in the middleware
protected $except = [
'api/*'
];
As an alternative you can have a different routes file for your api routes
first create the routes file routes.api.php
next go to RouteServiceProvider.php
and add the this function
/**
* Define the "api" routes for the application.
*
* These routes receive the api route group middlewares.
*
* @param \Illuminate\Routing\Router $router
* @return void
*/
protected function mapApiRoutes(Router $router)
{
$router->group([
'namespace' => $this->namespace, 'middleware' => 'api',
], function ($router) {
require app_path('Http/routes.api.php');
});
}
And don't forget to call this function in the RouteServiceProvider.php
map
function
/**
* Define the routes for the application.
*
* @param \Illuminate\Routing\Router $router
* @return void
*/
public function map(Router $router)
{
$this->mapWebRoutes($router);
$this->mapApiRoutes($router);
}
For usage with [dingo api] (https://github.com/dingo/api)
In the config/api.php
add the middle ware to default list of API middleware
/*
|--------------------------------------------------------------------------
| API Middleware
|--------------------------------------------------------------------------
|
| Middleware that will be applied globally to all API requests.
|
*/
'middleware' => [
MahmoudBirdsol\CORSLaravel\CORSMiddleware::class,
],
License
Released under the MIT License, see LICENSE.