wernerdweight/cors-bundle

Symfony bundle that handles cross-origin resource sharing headers.

2.0.0 2023-02-21 16:43 UTC

README

Symfony bundle that handles cross-origin resource sharing headers.

Build Status Latest Stable Version Total Downloads License

Installation

1. Download using composer

composer require wernerdweight/cors-bundle

2. Enable the bundle

Enable the bundle in your kernel:

    <?php
    // config/bundles.php
    return [
        // ...
        WernerDweight\CORSBundle\CORSBundle::class => ['all' => true],
    ];

Configuration

None of the configuration keys are mandatory, default values are mentioned in comments.

# config/packages/cors.yaml
cors:
    access_control:
        # if true, Access-Control-Allow-Credentials header will be present and set to true
        allow_credentials: true # default false
        
        # list of allowed origins (present in Access-Control-Allow-Origin header)
        allow_origin:           # default none
            - '*'               # all origins or list specific origins (see next line)
            - 'https://my-origin.com'
        
        # list of allowed headers (present in Access-Control-Allow-Headers header)
        allow_headers:          # default none
            - 'Authorization'
            - 'Content-Type'
            - 'Cache-Control'
            - 'X-Requested-With'
        
        # list of exposed headers (present in Access-Control-Expose-Headers header)
        expose_headers:         # default none
            - 'Content-Disposition'
    
    # list of controllers to target
    target_controllers:         # default 'WernerDweight\CORSBundle\Contrtoller\CORSControllerInterface'
        - '*'                   # all controllers or list specific controllers (see next line)
        - 'My\Controller\SomeInterface'
        - 'Vendor\Bundle\Controller\SomeOtherInterface'

Target controllers

All controllers that implement WernerDweight\CORSBundle\Controller\CORSControllerInterface will be targeted automatically (no configuration required).

If you can't modify the controller (e.g. it's vendor code), you can specify an interface implemented by the vendor controller (be aware that it may also be implemented by some other controllers), or specify the class of the controller itself.

If you want to target all controllers, use * as configuration value for target_controllers.

Usage

Use your API as usual, your preconfigured headers will be present in the response for specified controllers.

Events

The following events are dispatched, so you can hook in the process. For general info on how to use events, please consult the official Symfony documentation.

PreflightRequestInterceptedEvent (wds.cors_bundle.preflight_request_intercepted)
Issued before the response for preflight request is returned. Contains the request and response. You may want to update the response with some arbitrary headers or replace it completely (the default response is a simple 200: OK response with configured headers).

GetResponseHeadersEvent (wds.cors_bundle.get_response_headers)
Issued before the response headers are set to the response. Contains the request and headers (array). You may want to set some custom headers.

License

This bundle is under the MIT license. See the complete license in the root directiory of the bundle.