diff --git a/README.md b/README.md index 2d2bfff..f0be2be 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ use Medz\Cors\Cors; $cors = new Cors($config); // The $config πŸ‘‰ `config/cors.php` file. $cors->setRequest($requestType, $request); // The $request is empty array or is `NULL` or $_REQUEST -$cors->setResponse($responseType, $response) // The $response is empty array. +$cors->setResponse($responseType, $response); // The $response is empty array. $cors->handle(); $response = $cors->getResponse(); @@ -33,14 +33,29 @@ $response = $cors->getResponse(); Both `$requestType` and `$responseType` are of any type that is individually set to support, but if used in a framework, these two values are usually the same. Because you can set it up individually, you can deliver different values depending on your needs to achieve your goals. +### Configure + +The config example: + +```php +$config = [ + 'allow-credentiails' => false, // set "Access-Control-Allow-Credentials" πŸ‘‰ string "false" or "true". + 'allow-headers' => ['*'], // ex: Content-Type, Accept, X-Requested-With + 'expose-headers' => [], + 'origins' => ['*'], // ex: http://localhost + 'methods' => ['*'], // ex: GET, POST, PUT, PATCH, DELETE + 'max-age' => 0, +]; +``` + ### Array ```php use Medz\Cors\Cors; -$cors = new Cors($config); // The $config πŸ‘‰ `config/cors.php` file. -$cors->setRequest('array', $request); // The $request is empty array or is `NULL` or $_REQUEST -$cors->setResponse('array', $response) // The $response is empty array. +$cors = new Cors($config); +$cors->setRequest('array', $request); +$cors->setResponse('array', $response); $cors->handle(); $response = $cors->getResponse(); @@ -60,16 +75,77 @@ $response = $cors->getResponse(); ### Laravel -Add `Medz\Cors\Laravel\Middleware\Cors::class` to you app file `app/Http/Kernel.php`, Here is an example of an API middleware group: +> The package only support Laravel >= **`5.5`**. + +The package `ServiceProvider` default perend to `app/Http/Kernel.php` `$middleware`, If you want to customize the order of the middleware execution, please add it to the `$middleware` manually: + + +```php +protected $middleware => [ + // ... + Medz\Cors\Laravel\Middleware\Cors::class, + // ... +]; +``` + +#### Configure + +You run Laravel Artisan command: `php artisan vendor::publish --force --class="\Medz\Cors\Laravel\Probiders\LaravelServiceProvider"` publish `cors.php` file to `config` dir. + +There are some configurations that you can write directly in the `.env` file: + +| Name | Desc | +|----|----| +| CORS_ALLOW_CREDENTIAILS | `Access-Control-Allow-Credentials` | +| CORS_ACCESS_CONYROL_MAX_AGE | `Access-Control-Max-Age` | +| CORS_LARAVEL_ALLOW_ROUTE_PERFIX | Prefix settings for allowing cross domains. | +| CORS_LARABEL_ROUTE_GROUP_MODE | Whether routing group matching is enabled, if open, only the startup routing group allows setting cross domain information. | + +#### Route Group Mode + +This package allows you to configure the cross-domain routed middleware groups individually. If this mode is enabled, only routes configured with the `Medz\Cors\Laravel\Middleware\ShouldGroup` middleware will allow you to add cross-domain settings. + +To facilitate your memory, you can set the middleware alias directly in your `app/Http/Kernel.php` file: + +```php +protected $routeMiddleware = [ + // ... + 'cors-should' => \Medz\Cors\Laravel\Middleware\ShouldGroup::class, +]; +``` + +You can set it directly to the routing middleware: + +```php +Route::middleware('cors-should') // Route::middleware(\Medz\Cors\Laravel\Middleware\ShouldGroup::class) + ->get('/cors-test', ...); +``` + +You can also set it to the middleware group you allow, we use the `api` group as an example(`app/Http/Kernel.php`): + ```php -protected $middlewareGroups => [ +protected $middlewareGroups = [ + // ... 'api' => [ - Medz\Cors\Laravel\Middleware\Cors::class, - ] + // ... + \Medz\Cors\Laravel\Middleware\ShouldGroup::class, // If you have aliased the middleware, you can write the middleware alias directly. + // ... + ], + // ... ]; ``` +> Allow group functions and route prefix matching functions to be processed together. + +#### Route Prefix + +Routing prefixes, also known as route matching, allow you to configure routing rules. Only routes that meet the rules are allowed to cross domains. + +You can modify the `config.cors.php` `laravel.allow-route-perfix` value to configure, or you can use `CORS_LARAVEL_ALLOW_ROUTE_PERFIX` to set rules in `.env`. + +The default setting is `*`. + ### Symfony > ⚠️The framework has not provided a method yet. Please wait! diff --git a/config/cors.php b/config/cors.php index b62dc2f..f11d2b7 100644 --- a/config/cors.php +++ b/config/cors.php @@ -1,14 +1,14 @@ false, // set "Access-Control-Allow-Credentials" πŸ‘‰ string "false" or "true". + 'allow-credentiails' => env('CORS_ALLOW_CREDENTIAILS', false), // set "Access-Control-Allow-Credentials" πŸ‘‰ string "false" or "true". 'allow-headers' => ['*'], // ex: Content-Type, Accept, X-Requested-With 'expose-headers' => [], 'origins' => ['*'], // ex: http://localhost 'methods' => ['*'], // ex: GET, POST, PUT, PATCH, DELETE - 'max-age' => 0, + 'max-age' => env('CORS_ACCESS_CONYROL_MAX_AGE', 0), 'laravel' => [ - 'allow-route-perfix' => '*', // The perfix is using \Illumante\Http\Request::is method. πŸ‘‰ - 'route-grouo-mode' => false, + 'allow-route-perfix' => env('CORS_LARAVEL_ALLOW_ROUTE_PERFIX', '*'), // The perfix is using \Illumante\Http\Request::is method. πŸ‘‰ + 'route-group-mode' => env('CORS_LARABEL_ROUTE_GROUP_MODE', false), ], ]; diff --git a/src/Laravel/Middleware/Cors.php b/src/Laravel/Middleware/Cors.php index 645d3ed..77d09b3 100644 --- a/src/Laravel/Middleware/Cors.php +++ b/src/Laravel/Middleware/Cors.php @@ -89,7 +89,7 @@ public function handle($request, Closure $next) */ protected function hasShouldRouteGroup($request): bool { - if (!config('cors.laravel.route-grouo-mode')) { + if (!config('cors.laravel.route-group-mode')) { return true; }