cross/laravel-cors
Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application
Downloads
Stars
Version
Installation
composer.json
"repositories": {
...
"cross" : {
"type": "composer",
"url": "https://packagist.org"
},
...
}
Require the cross/laravel-cors package in your composer.json and update your dependencies:
$ composer require cross/laravel-cors dev-master
config/app.php
'providers' => [
...
Cross\Cors\ServiceProvider::class,
...
],
'aliases' => [
...
'cors' => Cross\Cors\FacadeCors::class,
...
]
App/Http/Kernel.php
$app->routeMiddleware([
// ...
'cors' => \Cross\Cors\HandleCors::class,
]);
Configuration
The defaults are set in config/cors.php. Copy this file to your own config directory to modify the values. You can publish the config using this command:
$ php artisan vendor:publish --provider="Cross\Cors\ServiceProvider"
Note: When using custom headers, like
X-Auth-TokenorX-Requested-With, you must set theallowedHeadersto include those headers. You can also set it toarray('*')to allow all custom headers.
Note: If you are explicitly whitelisting headers, you must include
Originor requests will fail to be recognized as CORS.
return [
/*
|--------------------------------------------------------------------------
| Laravel CORS
|--------------------------------------------------------------------------
|
| allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
| to accept any value.
|
*/
'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedHeaders' => ['Content-Type', 'X-Requested-With'],
'allowedMethods' => ['*'], // ex: ['GET', 'POST', 'PUT', 'DELETE']
'exposedHeaders' => [],
'maxAge' => 0,
]
allowedOrigins, allowedHeaders and allowedMethods can be set to array('*') to accept any value.
License
Released under the MIT License, see LICENSE.
