sfp / sfp-cors-middleware
PSR-7 CORS middleware
0.15.0
2017-07-22 15:09 UTC
Requires
- php: ^7.1
- http-interop/http-middleware: ^0.4.1
- neomerx/cors-psr7: ^1.0
Requires (Dev)
This package is auto-updated.
Last update: 2024-09-06 15:53:18 UTC
README
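This middleware implements Cross-Origin Resource Sharing (CORS). It was originally developed for the Slim Framework but can be used with any framework that uses PSR-7 style middleware. It has been tested with Slim Framework and Zend Expressive. Internally the middleware uses the neomerx/cors-psr7 library to do the heavy lifting.
Install
Install using composer.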
$ composer require tuupola/cors-middleware
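Usage
The documentation assumes you have a basic understanding of CORS. There are no mandatory parameters. If called without any parameters, the following defaults are used. The examples below assume you are using Slim Framework.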
$app = new \Slim\App();

$app->add(new \Tuupola\Middleware\Cors([
    "origin" => ["*"],
    "methods" => ["GET", "POST", "PUT", "PATCH", "DELETE"],
    "headers.allow" => [],
    "headers.expose" => [],
    "credentials" => false,
    "cache" => 0,
]));

$ curl "https://api.example.com/" \
    --request OPTIONS \
    --include \
    --header "Access-Control-Request-Method: PUT" \
    --header "Origin: http://www.example.com"

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://www.example.com
Vary: Origin
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE
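However, you will most likely want to change some of the defaults. For example, if you are developing a REST API that supports caching and conditional requests, you could use the following settings.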
$app = new \Slim\App();

$app->add(new \Tuupola\Middleware\Cors([
    "origin" => ["*"],
    "methods" => ["GET", "POST", "PUT", "PATCH", "DELETE"],
    "headers.allow" => ["Authorization", "If-Match", "If-Unmodified-Since"],
    "headers.expose" => ["Etag"],
    "credentials" => true,
    "cache" => 86400
]));

$ curl "https://api.example.com/foo" \
    --request OPTIONS \
    --include \
    --header "Origin: http://www.example.com" \
    --header "Access-Control-Request-Method: PUT" \
    --header "Access-Control-Request-Headers: Authorization, If-Match"

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://www.example.com
Access-Control-Allow-Credentials: true
Vary: Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE
Access-Control-Allow-Headers: authorization, if-match, if-unmodified-since

$ curl "https://api.example.com/foo" \
    --request PUT \
    --include \
    --header "Origin: http://www.example.com"

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://www.example.com
Access-Control-Allow-Credentials: true
Vary: Origin
Access-Control-Expose-Headers: Etag
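The settings above pair "origin" => ["*"] with "credentials" => true, and the sample responses echo the request's Origin together with Access-Control-Allow-Credentials: true, so any site's origin is accepted for credentialed requests. The following check is an added example, not part of the original README or the project's code: it parses a response in the form curl --include prints and flags that combination. The function name, the probe origin, the trusted-origin list and both sample responses are constructed for illustration.

```python
# Added example: audit CORS response headers as printed by `curl --include`.
# Function name, probe origin and sample responses are constructed for illustration.

def audit_cors(raw_response, sent_origin, trusted_origins=()):
    """Return a list of findings for one response to a request sent with `sent_origin`."""
    headers = {}
    for line in raw_response.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                                        # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    acao = headers.get("access-control-allow-origin")
    creds = headers.get("access-control-allow-credentials", "").lower() == "true"
    vary = [v.strip().lower() for v in headers.get("vary", "").split(",")]
    findings = []
    if acao is None:
        return findings                                  # no CORS grant for this origin
    if acao == "*" and creds:
        findings.append("wildcard-with-credentials")     # browsers reject this pair
    if acao == sent_origin and sent_origin not in trusted_origins:
        # The server echoed an origin that is not on our allow-list.
        findings.append("untrusted-origin-reflected-with-credentials" if creds
                        else "untrusted-origin-reflected")
    if acao != "*" and "origin" not in vary:
        findings.append("missing-vary-origin")           # shared caches may mix origins
    return findings

# Constructed sample: the response shape shown above for origin ["*"] + credentials true.
REFLECTING = """HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://probe.invalid
Access-Control-Allow-Credentials: true
Vary: Origin
Access-Control-Expose-Headers: Etag
"""

# Constructed sample: a response to the same probe that carries no CORS headers.
RESTRICTED = """HTTP/1.1 401 Unauthorized
Content-Type: application/json
"""

if __name__ == "__main__":
    trusted = ("https://app.example.com",)
    print(audit_cors(REFLECTING, "https://probe.invalid", trusted))
    print(audit_cors(RESTRICTED, "https://probe.invalid", trusted))
```

Run it against your own API by sending a request with an Origin that is not on your allow-list and passing the captured response text to audit_cors; an empty list means none of the three conditions matched.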
Other parameters
Logger
The optional logger parameter allows you to pass in a PSR-3 compatible logger to help with debugging or other application logging needs.
$app = new \Slim\App();

// Build a PSR-3 logger that writes to a rotating log file.
$logger = new \Monolog\Logger("slim");
$rotating = new \Monolog\Handler\RotatingFileHandler(__DIR__ . "/logs/slim.log", 0, \Monolog\Logger::DEBUG);
$logger->pushHandler($rotating);

$app->add(new \Tuupola\Middleware\Cors([
    "logger" => $logger,
]));
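Error
Error is called when a CORS request fails. It receives the last error message in its arguments. It can be used, for example, to create an application/json response when a CORS request fails.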
$app = new \Slim\App();

$app->add(new \Tuupola\Middleware\Cors([
    "methods" => ["GET", "POST", "PUT"],
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
    }
]));

$ curl https://api.example.com/foo \
    --request OPTIONS \
    --include \
    --header "Access-Control-Request-Method: PATCH" \
    --header "Origin: http://www.example.com"

HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 83

{
    "status": "error",
    "message": "CORS requested method is not supported."
}
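Testing
You can run the tests manually ...
$ vendor/bin/phpunit
$ vendor/bin/phpcs --standard=PSR2 src/ -p
... or automatically on every code change.
$ npm install
$ grunt watch
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email tuupola@appelsiini.net instead of using the issue tracker.
License
The MIT License (MIT). Please see License File for more information.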