Last active
November 7, 2023 15:43
-
-
Save yashuarc/10080747 to your computer and use it in GitHub Desktop.
Enabling CORS on CakePHP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
public function beforeFilter() { | |
parent::beforeFilter(); | |
$this->response->header('Access-Control-Allow-Origin','*'); | |
$this->response->header('Access-Control-Allow-Methods','*'); | |
$this->response->header('Access-Control-Allow-Headers','X-Requested-With'); | |
$this->response->header('Access-Control-Allow-Headers','Content-Type, x-xsrf-token'); | |
$this->response->header('Access-Control-Max-Age','172800'); | |
} |
I want to allow 2 domains and a subdomain. How can I do this? Allowing all the websites/subdomains are not good solution. Any suggestion. Thanks.
The middleware
class CorsMiddleware implements MiddlewareInterface
{
/**
* @inheritDoc
*/
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
// Calling $handler->handle() delegates control to the *next* middleware
// In your application's queue.
$response = $handler->handle($request);
if ($response instanceof Response) {
if ($request instanceof ServerRequest) {
$response = $response
->cors($request)
->allowOrigin(['*'])
->allowMethods(['*'])
->allowHeaders(['*'])
->allowCredentials()
->build()
->withStatus(200, __('You shall pass!!'));
}
}
return $response;
}
}
And in Application.php
->add(new CorsMiddleware()) // Add this line here
// Add routing middleware.
// If you have a large number of routes connected, turning on routes
// caching in production could improve performance.
// See https://github.com/CakeDC/cakephp-cached-routing
->add(new RoutingMiddleware($this))
// Parse various types of encoded request bodies so that they are
// available as array through $request->getData()
// https://book.cakephp.org/4/en/controllers/middleware.html#body-parser-middleware
->add(new BodyParserMiddleware())
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi all,
I have finally found a more structure way in CakePHP 4.x to manage CORS.
I have created a middleware, inspired by the
https://github.com/ozee31/cakephp-cors
that finally manage correctly the OPTIONS preflying call.With the last row
->withStatus(200,'some text here');
it works correctly.I hope this give an help to someone.