Class CorsBuilder
A builder object that assists in defining Cross Origin Request related headers.
Each of the methods in this object provide a fluent interface. Once you've set all the headers you want to use, the build() method can be used to return a modified Response.
It is most convenient to get this object via Request::cors().
Property Summary
-
$_headers protected
array<string, mixed>The headers that have been queued so far.
-
$_isSsl protected
boolWhether the request was over SSL.
-
$_origin protected
stringThe request's Origin header value
-
$_response protected
Psr\Http\Message\MessageInterfaceThe response object this builder is attached to.
Method Summary
__construct() public
Constructor.
_normalizeDomains() protected
Normalize the origin to regular expressions and put in an array format
allowCredentials() public
Enable cookies to be sent in CORS requests.
allowHeaders() public
Allowed headers that can be sent in CORS requests.
allowMethods() public
Set the list of allowed HTTP Methods.
allowOrigin() public
Set the list of allowed domains.
build() public
Apply the queued headers to the response.
exposeHeaders() public
Define the headers a client library/browser can expose to scripting
maxAge() public
Define the max-age preflight OPTIONS requests are valid for.
Method Detail
__construct() public
__construct(Psr\Http\Message\MessageInterface $response, string $origin, bool $isSsl = false)Constructor.
Parameters
Psr\Http\Message\MessageInterface$response-
The response object to add headers onto.
string$origin-
The request's Origin header.
bool$isSsl optional-
Whether the request was over SSL.
_normalizeDomains() protected
_normalizeDomains(array<string> $domains): arrayNormalize the origin to regular expressions and put in an array format
Parameters
array<string>$domains-
Domain names to normalize.
Returns
arrayallowCredentials() public
allowCredentials(): $thisEnable cookies to be sent in CORS requests.
Returns
$thisallowHeaders() public
allowHeaders(array<string> $headers): $thisAllowed headers that can be sent in CORS requests.
Parameters
array<string>$headers-
The list of headers to accept in CORS requests.
Returns
$thisallowMethods() public
allowMethods(array<string> $methods): $thisSet the list of allowed HTTP Methods.
Parameters
array<string>$methods-
The allowed HTTP methods
Returns
$thisallowOrigin() public
allowOrigin(array<string>|string $domains): $thisSet the list of allowed domains.
Accepts a string or an array of domains that have CORS enabled. You can use *.example.com wildcards to accept subdomains, or * to allow all domains
Parameters
array<string>|string$domains-
The allowed domains
Returns
$thisbuild() public
build(): Psr\Http\Message\MessageInterfaceApply the queued headers to the response.
If the builder has no Origin, or if there are no allowed domains, or if the allowed domains do not match the Origin header no headers will be applied.
Returns
Psr\Http\Message\MessageInterfaceexposeHeaders() public
exposeHeaders(array<string> $headers): $thisDefine the headers a client library/browser can expose to scripting
Parameters
array<string>$headers-
The list of headers to expose CORS responses
Returns
$thismaxAge() public
maxAge(string|int $age): $thisDefine the max-age preflight OPTIONS requests are valid for.
Parameters
string|int$age-
The max-age for OPTIONS requests in seconds
Returns
$thisProperty Detail
$_headers protected
The headers that have been queued so far.
Type
array<string, mixed>$_isSsl protected
Whether the request was over SSL.
Type
bool$_origin protected
The request's Origin header value
Type
string$_response protected
The response object this builder is attached to.
Type
Psr\Http\Message\MessageInterface© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.4/class-Cake.Http.CorsBuilder.html