Skip to content

Instantly share code, notes, and snippets.



Created Aug 27, 2020
What would you like to do?
# allow all methods
header('Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS');
# allow some headers
header('Access-Control-Allow-Headers: Authorization, Bearer, Device, Origin, Accept, Content-Type');
# allow expose some headers
header('Access-Control-Expose-Headers: Authorization, Bearer, Device');
# get the request method
$method = $_SERVER['REQUEST_METHOD'] ?? null;
# check if method is OPTIONS...
if (strtoupper($method) === 'OPTIONS') {
# ...detects if there is an origin
$origin = $_SERVER['HTTP_ORIGIN'] ?? '*';
# allow origin
header("Access-Control-Allow-Origin: {$origin}");
# allow credentials (optional)
header('Access-Control-Allow-Credentials: true');
// your code here...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.