Downloads
Stars
Version
composer.json
"repositories": {
...
"cross" : {
"type": "composer",
"url": "https://packagist.org"
},
...
}
Require the cross/laravel-cors
package in your composer.json
and update your dependencies:
$ composer require cross/laravel-cors dev-master
config/app.php
'providers' => [
...
Cross\Cors\ServiceProvider::class,
...
],
'aliases' => [
...
'cors' => Cross\Cors\FacadeCors::class,
...
]
App/Http/Kernel.php
$app->routeMiddleware([
// ...
'cors' => \Cross\Cors\HandleCors::class,
]);
The defaults are set in config/cors.php
. Copy this file to your own config directory to modify the values. You can publish the config using this command:
$ php artisan vendor:publish --provider="Cross\Cors\ServiceProvider"
Note: When using custom headers, like
X-Auth-Token
orX-Requested-With
, you must set theallowedHeaders
to include those headers. You can also set it toarray('*')
to allow all custom headers.
Note: If you are explicitly whitelisting headers, you must include
Origin
or requests will fail to be recognized as CORS.
return [
/*
|--------------------------------------------------------------------------
| Laravel CORS
|--------------------------------------------------------------------------
|
| allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
| to accept any value.
|
*/
'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedHeaders' => ['Content-Type', 'X-Requested-With'],
'allowedMethods' => ['*'], // ex: ['GET', 'POST', 'PUT', 'DELETE']
'exposedHeaders' => [],
'maxAge' => 0,
]
allowedOrigins
, allowedHeaders
and allowedMethods
can be set to array('*')
to accept any value.
Released under the MIT License, see LICENSE.