A builder object that assists in defining Cross Origin Request related headers.
Each of the methods in this object provide a fluent interface. Once you've set all the headers you want to use, the build() method can be used to return a modified Response.
It is most convenient to get this object via Request::cors().
array<string, mixed>The headers that have been queued so far.
boolWhether the request was over SSL.
stringThe request's Origin header value
Psr\Http\Message\MessageInterfaceThe response object this builder is attached to.
Constructor.
Normalize the origin to regular expressions and put in an array format
Enable cookies to be sent in CORS requests.
Allowed headers that can be sent in CORS requests.
Set the list of allowed HTTP Methods.
Set the list of allowed domains.
Apply the queued headers to the response.
Define the headers a client library/browser can expose to scripting
Define the max-age preflight OPTIONS requests are valid for.
__construct(Psr\Http\Message\MessageInterface $response, string $origin, bool $isSsl = false)
Constructor.
Psr\Http\Message\MessageInterface $response The response object to add headers onto.
string $origin The request's Origin header.
bool $isSsl optional Whether the request was over SSL.
_normalizeDomains(array<string> $domains): array
Normalize the origin to regular expressions and put in an array format
array<string> $domains Domain names to normalize.
arrayallowCredentials(): $this
Enable cookies to be sent in CORS requests.
$thisallowHeaders(array<string> $headers): $this
Allowed headers that can be sent in CORS requests.
array<string> $headers The list of headers to accept in CORS requests.
$thisallowMethods(array<string> $methods): $this
Set the list of allowed HTTP Methods.
array<string> $methods The allowed HTTP methods
$thisallowOrigin(array<string>|string $domains): $this
Set the list of allowed domains.
Accepts a string or an array of domains that have CORS enabled. You can use *.example.com wildcards to accept subdomains, or * to allow all domains
array<string>|string $domains The allowed domains
$thisbuild(): Psr\Http\Message\MessageInterface
Apply the queued headers to the response.
If the builder has no Origin, or if there are no allowed domains, or if the allowed domains do not match the Origin header no headers will be applied.
Psr\Http\Message\MessageInterfaceexposeHeaders(array<string> $headers): $this
Define the headers a client library/browser can expose to scripting
array<string> $headers The list of headers to expose CORS responses
$thismaxAge(string|int $age): $this
Define the max-age preflight OPTIONS requests are valid for.
string|int $age The max-age for OPTIONS requests in seconds
$thisThe headers that have been queued so far.
array<string, mixed>Whether the request was over SSL.
boolThe request's Origin header value
stringThe response object this builder is attached to.
Psr\Http\Message\MessageInterface
© 2005–present The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/4.4/class-Cake.Http.CorsBuilder.html