W3cubDocs

Class CorsBuilder

A builder object that assists in defining Cross Origin Request related headers.

Each of the methods in this object provide a fluent interface. Once you've set all the headers you want to use, the build() method can be used to return a modified Response.

It is most convenient to get this object via Request::cors().

Namespace: Cake\Network
See: \Cake\Http\Response::cors()
Location: Network/CorsBuilder.php

Properties summary

$_headers protected

array
The headers that have been queued so far.
$_isSsl protected

boolean
Whether or not the request was over SSL.
$_origin protected

string
The request's Origin header value
$_response protected

Cake\Http\Response
The response object this builder is attached to.

Method Summary

__construct() public
Constructor.
_normalizeDomains() protected
Normalize the origin to regular expressions and put in an array format
allowCredentials() public
Enable cookies to be sent in CORS requests.
allowHeaders() public
Whitelist headers that can be sent in CORS requests.
allowMethods() public
Set the list of allowed HTTP Methods.
allowOrigin() public
Set the list of allowed domains.
build() public
Apply the queued headers to the response.
exposeHeaders() public
Define the headers a client library/browser can expose to scripting
maxAge() public
Define the max-age preflight OPTIONS requests are valid for.

Method Detail

__construct()source public

__construct( Cake\Http\Response $response , string $origin , boolean $isSsl false )

Constructor.

Parameters

Cake\Http\Response $response: The response object to add headers onto.
string $origin: The request's Origin header.
boolean $isSsl optional false: Whether or not the request was over SSL.

_normalizeDomains()source protected

_normalizeDomains( array $domains )

Normalize the origin to regular expressions and put in an array format

Parameters

array $domains: Domain names to normalize.

Returns

array

allowCredentials()source public

allowCredentials( )

Enable cookies to be sent in CORS requests.

Returns

$this

allowHeaders()source public

allowHeaders( array $headers )

Whitelist headers that can be sent in CORS requests.

Parameters

array $headers: The list of headers to accept in CORS requests.

Returns

$this

allowMethods()source public

allowMethods( array $methods )

Set the list of allowed HTTP Methods.

Parameters

array $methods: The allowed HTTP methods

Returns

$this

allowOrigin()source public

allowOrigin( string|array $domain )

Set the list of allowed domains.

Accepts a string or an array of domains that have CORS enabled. You can use *.example.com wildcards to accept subdomains, or * to allow all domains

Parameters

string|array $domain: The allowed domains

Returns

$this

build()source public

build( )

Apply the queued headers to the response.

If the builder has no Origin, or if there are no allowed domains, or if the allowed domains do not match the Origin header no headers will be applied.

Returns

Cake\Http\Response

exposeHeaders()source public

exposeHeaders( array $headers )

Define the headers a client library/browser can expose to scripting

Parameters

array $headers: The list of headers to expose CORS responses

Returns

$this

maxAge()source public

maxAge( integer $age )

Define the max-age preflight OPTIONS requests are valid for.

Parameters

integer $age: The max-age for OPTIONS requests in seconds

Returns

$this

Properties detail

$_headerssource

protected array

The headers that have been queued so far.

[]

$_isSslsource

protected boolean

Whether or not the request was over SSL.

$_originsource

protected string

The request's Origin header value

$_responsesource

protected Cake\Http\Response

The response object this builder is attached to.

© 2005–2017 The Cake Software Foundation, Inc.
Licensed under the MIT License.
CakePHP is a registered trademark of Cake Software Foundation, Inc.
We are not endorsed by or affiliated with CakePHP.
https://api.cakephp.org/3.5/class-Cake.Network.CorsBuilder.html