struggle-for-php/sfp-cors-middleware

0.15.0 2017-07-22 15:09 UTC

This package is auto-updated.

Last update: 2024-09-06 15:48:14 UTC


README

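This middleware implements Cross-Origin Resource Sharing. It was originally developed for Slim, but it can be used with all frameworks using PSR-7 style middleware. It has been tested with Slim Framework and Zend Expressive. Internally the middleware uses the neomerx/cors-psr7 library for the heavy lifting.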

Install

Install using composer.

$ composer require tuupola/cors-middleware

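Usage

The documentation assumes you have a working knowledge of CORS. There are no mandatory parameters. If called without any parameters, the following defaults are used. The examples below assume you are using the Slim Framework.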

$app = new \Slim\App();

$app->add(new \Tuupola\Middleware\Cors([
    "origin" => ["*"],
    "methods" => ["GET", "POST", "PUT", "PATCH", "DELETE"],
    "headers.allow" => [],
    "headers.expose" => [],
    "credentials" => false,
    "cache" => 0,
]));

$ curl "https://api.example.com/" \
    --request OPTIONS \
    --include \
    --header "Access-Control-Request-Method: PUT" \
    --header "Origin: http://www.example.com"

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://www.example.com
Vary: Origin
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE

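However, you may want to change some of the defaults. For example, if you are developing a REST API that supports caching and conditional requests, you could use the following configuration.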

$app = new \Slim\App();

$app->add(new \Tuupola\Middleware\Cors([
    "origin" => ["*"],
    "methods" => ["GET", "POST", "PUT", "PATCH", "DELETE"],
    "headers.allow" => ["Authorization", "If-Match", "If-Unmodified-Since"],
    "headers.expose" => ["Etag"],
    "credentials" => true,
    "cache" => 86400
]));

$ curl "https://api.example.com/foo" \
    --request OPTIONS \
    --include \
    --header "Origin: http://www.example.com" \
    --header "Access-Control-Request-Method: PUT" \
    --header "Access-Control-Request-Headers: Authorization, If-Match"

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://www.example.com
Access-Control-Allow-Credentials: true
Vary: Origin
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE
Access-Control-Allow-Headers: authorization, if-match, if-unmodified-since

$ curl "https://api.example.com/foo" \
    --request PUT \
    --include \
    --header "Origin: http://www.example.com"

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://www.example.com
Access-Control-Allow-Credentials: true
Vary: Origin
Access-Control-Expose-Headers: Etag
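
The configuration above combines a wildcard origin with credentials, and the responses show the request's Origin echoed back together with Access-Control-Allow-Credentials: true. The following is an added example, not part of the original README or of the middleware's code: a stand-alone check that reviews an options array for that combination before deployment. The helper name auditCorsOptions and the origin https://app.example.com are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example: review an options array for the Cors middleware.
 * auditCorsOptions() is a hypothetical helper, not part of the middleware.
 * Missing keys fall back to the defaults listed in this README.
 */
function auditCorsOptions(array $options): array
{
    $origins = (array) ($options["origin"] ?? ["*"]);
    $credentials = (bool) ($options["credentials"] ?? false);
    $findings = [];

    if ($credentials && in_array("*", $origins, true)) {
        $findings[] = "wildcard origin with credentials: every requesting "
            . "origin is answered with Access-Control-Allow-Credentials: true";
    }
    foreach ($origins as $origin) {
        if ($origin === "null") {
            $findings[] = "origin 'null' is shared by sandboxed frames and "
                . "local files, so it identifies no single site";
        } elseif ($credentials && stripos($origin, "http://") === 0) {
            $findings[] = "credentialed origin {$origin} is not served over TLS";
        }
    }
    return $findings;
}

// The caching REST API configuration shown above.
$fromReadme = [
    "origin" => ["*"],
    "methods" => ["GET", "POST", "PUT", "PATCH", "DELETE"],
    "headers.allow" => ["Authorization", "If-Match", "If-Unmodified-Since"],
    "headers.expose" => ["Etag"],
    "credentials" => true,
    "cache" => 86400,
];

// Constructed alternative: same API, but only one named front end may send
// credentialed requests (https://app.example.com is a placeholder).
$restricted = ["origin" => ["https://app.example.com"]] + $fromReadme;

foreach (["readme" => $fromReadme, "restricted" => $restricted] as $name => $options) {
    $findings = auditCorsOptions($options);
    echo $name, ": ", $findings ? implode("; ", $findings) : "no findings", PHP_EOL;
}
```

The restricted array can be passed to the middleware constructor in place of the wildcard configuration.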

Other parameters

Logger

The optional logger parameter allows you to pass in a PSR-3 compatible logger to help with debugging or other application logging needs.

$app = new \Slim\App();

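// Instantiate the logger with "new" and use fully qualified Monolog class names.
$logger = new \Monolog\Logger("slim");
$rotating = new \Monolog\Handler\RotatingFileHandler(__DIR__ . "/logs/slim.log", 0, \Monolog\Logger::DEBUG);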
$logger->pushHandler($rotating);

$app->add(new \Tuupola\Middleware\Cors([
    "logger" => $logger,
]));

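Error

Error is called when the CORS request fails. It receives the last error message as a parameter. This can be used to create application/json responses when a CORS request fails.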

$app = new \Slim\App();

$app->add(new \Tuupola\Middleware\Cors([
    "methods" => ["GET", "POST", "PUT"],
    "error" => function ($request, $response, $arguments) {
        $data["status"] = "error";
        $data["message"] = $arguments["message"];
        return $response
            ->withHeader("Content-Type", "application/json")
            ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
    }
]));

$ curl https://api.example.com/foo \
    --request OPTIONS \
    --include \
    --header "Access-Control-Request-Method: PATCH" \
    --header "Origin: http://www.example.com"

HTTP/1.1 401 Unauthorized
Content-Type: application/json
Content-Length: 83

{
    "status": "error",
    "message": "CORS requested method is not supported."
}

Testing

You can run the tests manually...

$ vendor/bin/phpunit
$ vendor/bin/phpcs --standard=PSR2 src/ -p

... or automatically on every code change.

$ npm install
$ grunt watch

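Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email tuupola@appelsiini.net instead of using the issue tracker.

License

The MIT License (MIT). Please see License File for more information.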