定制 spatie/laravel-cors 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

spatie/laravel-cors

最新稳定版本:1.7.0

Composer 安装命令:

composer require spatie/laravel-cors

包简介

Send CORS headers in a Laravel or Lumen application

README 文档

README

We have abandoned this package because Laravel 7 introduced native support for CORS. Only use this package if you're on Laravel 6 or below.

Send CORS headers in a Laravel application

Latest Version on Packagist Build Status Quality Score StyleCI Total Downloads

This package will add CORS headers to the responses of your Laravel or Lumen app. For more infomation about CORS, see the Mozilla CORS documentation.

This package supports preflight requests and is easily configurable to fit your needs.

Installation

Laravel

You can install the package via Composer:

composer require spatie/laravel-cors

The package will automatically register its service provider.

The provided Spatie\Cors\Cors middleware must be registered in the global middleware group.

// app/Http/Kernel.php

protected $middleware = [
    ...
    \Spatie\Cors\Cors::class
];
php artisan vendor:publish --provider="Spatie\Cors\CorsServiceProvider" --tag="config"

This is the default content of the config file published at config/cors.php:

return [
    /*
     * A cors profile determines which origins, methods, headers are allowed for
     * a given requests. The `DefaultProfile` reads its configuration from this
     * config file.
     *
     * You can easily create your own cors profile.
     * More info: https://github.com/spatie/laravel-cors/#creating-your-own-cors-profile
     */
    'cors_profile' => Spatie\Cors\CorsProfile\DefaultProfile::class,

    /*
     * This configuration is used by `DefaultProfile`.
     */
    'default_profile' => [

        'allow_credentials' => false,

        'allow_origins' => [
            '*',
        ],

        'allow_methods' => [
            'POST',
            'GET',
            'OPTIONS',
            'PUT',
            'PATCH',
            'DELETE',
        ],

        'allow_headers' => [
            'Content-Type',
            'X-Auth-Token',
            'Origin',
            'Authorization',
        ],

        'expose_headers' => [
            'Cache-Control',
            'Content-Language',
            'Content-Type',
            'Expires',
            'Last-Modified',
            'Pragma',
        ],

        'forbidden_response' => [
            'message' => 'Forbidden (cors).',
            'status' => 403,
        ],

        /*
         * Preflight request will respond with value for the max age header.
         */
        'max_age' => 60 * 60 * 24,
    ],
];

Lumen

You can install the package via Composer:

composer require spatie/laravel-cors

Copy the config file from the vendor directory:

cp vendor/spatie/laravel-cors/config/cors.php config/cors.php

Register the config file, the middleware and the service provider in bootstrap/app.php:

$app->configure('cors');

$app->middleware([
    Spatie\Cors\Cors::class,
]);

$app->register(Spatie\Cors\CorsServiceProvider::class);

Usage

With the middleware installed your API routes should now get appropriate CORS headers. Preflight requests will be handled as well. If a request comes in that is not allowed, Laravel will return a 403 response.

The default configuration of this package allows all requests from any origin (denoted as '*'). You probably want to at least specify some origins relevant to your project. If you want to allow requests to come in from https://spatie.be and https://laravel.com add those domains to the config file:

// config/cors.php

    ...
    'default_profile' => [

    'allow_origins' => [
        'https://spatie.be',
        'https://laravel.com',
    ],
    ...
...

If you, for example, want to allow all subdomains from a specific domain, you can use the wildcard asterisk (*) and specifiy that:

// config/cors.php

    ...
    'default_profile' => [

    'allow_origins' => [
        'https://spatie.be',
        'https://laravel.com',

        'https://*.spatie.be',
        'https://*.laravel.com',
    ],
    ...
...

Creating your own CORS profile

Imagine you want to specify allowed origins based on the user that is currently logged in. In that case the DefaultProfile which just reads the config file won't cut it. Fortunately it's very easy to write your own CORS profile, which is simply a class that extends Spatie\Cors\DefaultProfile.

Here's a quick example where it is assumed that you've already added an allowed_domains column on your user model:

namespace App\Services\Cors;

use Spatie\Cors\CorsProfile\DefaultProfile;

class UserBasedCorsProfile extends DefaultProfile
{
    public function allowOrigins(): array
    {
        return Auth::user()->allowed_domains;
    }
}

You can override the default HTTP status code and message returned when a request is forbidden by editing the forbidden_response array in your configuration file:

'forbidden_response' => [
    'message' => 'Your request failed',
    'status' => 400,
],

Don't forget to register your profile in the config file.

// config/cors.php

 ...
 'cors_profile' => App\Services\Cors\UserBasedCorsProfile::class,
 ...

In the example above we've overwritten the allowOrigins method, but of course you may choose to override any of the methods present in DefaultProfile.

Testing

composer test

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email freek@spatie.be instead of using the issue tracker.

Alternatives

  • barryvdh/laravel-cors: a tried and tested package. Our package is a modern rewrite of the basic features of Barry's excellent one. We created our own solution because we needed our configuration to be very flexible.

Postcardware

You're free to use this package, but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using.

Our address is: Spatie, Samberstraat 69D, 2060 Antwerp, Belgium.

We publish all received postcards on our company website.

Credits

Support us

Spatie is a webdesign agency based in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.

Does your business depend on our contributions? Reach out and support us on Patreon. All pledges will be dedicated to allocating workforce on maintenance and new awesome stuff.

License

The MIT License (MIT). Please see License File for more information.

spatie/laravel-cors 适用场景与选型建议

spatie/laravel-cors 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2.17M 次下载、GitHub Stars 达 612, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「api」 「cors」 「ajax」 「request」 「spatie」 「laravel-cors」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 spatie/laravel-cors 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 spatie/laravel-cors 我们能提供哪些服务?
定制开发 / 二次开发

基于 spatie/laravel-cors 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 2.17M
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 613
  • 点击次数: 42
  • 依赖项目数: 14
  • 推荐数: 2

GitHub 信息

  • Stars: 612
  • Watchers: 13
  • Forks: 67
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 未知