stack-cors

Cross-origin resource sharing library and stack middleware.

1,277

View on GitHub

Top Related Projects

NelmioCorsBundle

1,881

Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application

laravel-cors

6,265

Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application

Quick Overview

asm89/stack-cors is a PHP library that provides Cross-Origin Resource Sharing (CORS) support for PHP applications using the Stack middleware approach. It allows developers to easily configure and implement CORS policies in their PHP projects, ensuring secure cross-origin requests.

Pros

Easy integration with existing PHP applications
Flexible configuration options for CORS policies
Compatible with popular PHP frameworks and middleware stacks
Actively maintained and well-documented

Cons

Limited to PHP applications only
Requires understanding of CORS concepts for proper implementation
May introduce additional overhead in request processing
Not suitable for applications with complex CORS requirements

Code Examples

Basic CORS configuration:

use Asm89\Stack\CorsService;
use Asm89\Stack\Cors;

$app = new Cors($app, new CorsService([
    'allowedOrigins' => ['*'],
    'allowedMethods' => ['GET', 'POST', 'PUT', 'DELETE'],
    'allowedHeaders' => ['*'],
]));

Custom CORS configuration with specific origins:

$app = new Cors($app, new CorsService([
    'allowedOrigins' => ['https://example.com', 'https://api.example.com'],
    'allowedMethods' => ['GET', 'POST'],
    'allowedHeaders' => ['X-Custom-Header', 'Content-Type'],
    'exposedHeaders' => ['X-Api-Version'],
    'maxAge' => 3600,
]));

Using CORS with a PSR-15 middleware:

use Asm89\Stack\CorsService;
use Asm89\Stack\Cors;
use Psr\Http\Server\MiddlewareInterface;

class CorsMiddleware implements MiddlewareInterface
{
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $cors = new Cors($handler, new CorsService([
            'allowedOrigins' => ['*'],
            'allowedMethods' => ['GET', 'POST', 'PUT', 'DELETE'],
        ]));
        
        return $cors->handle($request);
    }
}

Getting Started

Install the library using Composer:

composer require asm89/stack-cors

Create a new CORS middleware in your application:

use Asm89\Stack\CorsService;
use Asm89\Stack\Cors;

$app = new Cors($app, new CorsService([
    'allowedOrigins' => ['*'],
    'allowedMethods' => ['GET', 'POST', 'PUT', 'DELETE'],
    'allowedHeaders' => ['*'],
]));

Add the middleware to your application's middleware stack or use it as a PSR-15 middleware.

Competitor Comparisons

NelmioCorsBundle

1,881

Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application

Pros of NelmioCorsBundle

Specifically designed for Symfony framework, offering seamless integration
Provides more granular configuration options for CORS settings
Includes built-in support for preflight requests handling

Cons of NelmioCorsBundle

Limited to Symfony projects, less versatile for other PHP applications
May have a steeper learning curve due to more complex configuration options

Code Comparison

NelmioCorsBundle configuration:

nelmio_cors:
    defaults:
        allow_origin: ['http://example.com']
        allow_methods: ['GET', 'POST', 'PUT', 'DELETE']
        allow_headers: ['Content-Type', 'Authorization']
        max_age: 3600

stack-cors usage:

use Asm89\Stack\CorsService;

$app = new Cors($app, [
    'allowedOrigins' => ['http://example.com'],
    'allowedMethods' => ['GET', 'POST', 'PUT', 'DELETE'],
    'allowedHeaders' => ['Content-Type', 'Authorization'],
    'maxAge' => 3600,
]);

Both libraries provide CORS functionality for PHP applications, but NelmioCorsBundle is tailored for Symfony projects with more advanced configuration options. stack-cors offers a simpler, more flexible solution that can be integrated into various PHP frameworks and applications. The choice between the two depends on the specific project requirements and the framework being used.

laravel-cors

6,265

Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application

Pros of laravel-cors

Specifically designed for Laravel, offering seamless integration
Provides Laravel-specific configuration options and middleware
Supports automatic handling of preflight requests

Cons of laravel-cors

Limited to Laravel applications, less versatile for other PHP frameworks
May have a steeper learning curve for developers not familiar with Laravel

Code Comparison

stack-cors:

$app->add(new Asm89\Stack\CorsService($options));

laravel-cors:

protected $middleware = [
    \Fruitcake\Cors\HandleCors::class,
];

Key Differences

stack-cors is framework-agnostic and can be used with various PHP applications
laravel-cors is tailored for Laravel, providing a more streamlined experience for Laravel developers
stack-cors requires manual configuration for preflight requests, while laravel-cors handles them automatically

Use Cases

Choose stack-cors for non-Laravel PHP applications or when working across multiple frameworks
Opt for laravel-cors when developing Laravel applications for better integration and Laravel-specific features

Community and Maintenance

Both projects are actively maintained and have good community support
laravel-cors has more frequent updates and contributions, likely due to its focus on the popular Laravel framework

Performance

Both packages have minimal performance impact
laravel-cors may have a slight edge in Laravel applications due to its optimized integration

Convert designs to code with AI

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Stack/Cors

Library and middleware enabling cross-origin resource sharing for your http-{foundation,kernel} using application. It attempts to implement the W3C Recommendation for cross-origin resource sharing.

Build status:

Installation

Require asm89/stack-cors using composer.

Usage

This package can be used as a library or as stack middleware.

Options

Option	Description	Default value
`allowedMethods`	Matches the request method.	`[]`
`allowedOrigins`	Matches the request origin.	`[]`
`allowedOriginsPatterns`	Matches the request origin with `preg_match`.	`[]`
`allowedHeaders`	Sets the Access-Control-Allow-Headers response header.	`[]`
`exposedHeaders`	Sets the Access-Control-Expose-Headers response header.	`false`
`maxAge`	Sets the Access-Control-Max-Age response header. Set to `null` to omit the header/use browser default.	`0`
`supportsCredentials`	Sets the Access-Control-Allow-Credentials header.	`false`

The allowedMethods and allowedHeaders options are case-insensitive.

You don't need to provide both allowedOrigins and allowedOriginsPatterns. If one of the strings passed matches, it is considered a valid origin.

If ['*'] is provided to allowedMethods, allowedOrigins or allowedHeaders all methods / origins / headers are allowed.

If supportsCredentials is true, you must explicitly set allowedHeaders for any headers which are not CORS safelisted.

Example: using the library

<?php

use Asm89\Stack\CorsService;

$cors = new CorsService([
    'allowedHeaders'         => ['x-allowed-header', 'x-other-allowed-header'],
    'allowedMethods'         => ['DELETE', 'GET', 'POST', 'PUT'],
    'allowedOrigins'         => ['http://localhost'],
    'allowedOriginsPatterns' => ['/localhost:\d/'],
    'exposedHeaders'         => false,
    'maxAge'                 => 600,
    'supportsCredentials'    => true,
]);

$cors->addActualRequestHeaders(Response $response, $origin);
$cors->handlePreflightRequest(Request $request);
$cors->isActualRequestAllowed(Request $request);
$cors->isCorsRequest(Request $request);
$cors->isPreflightRequest(Request $request);

Example: using the stack middleware

<?php

use Asm89\Stack\Cors;

$app = new Cors($app, [
    // you can use ['*'] to allow any headers
    'allowedHeaders'      => ['x-allowed-header', 'x-other-allowed-header'],
    // you can use ['*'] to allow any methods
    'allowedMethods'      => ['DELETE', 'GET', 'POST', 'PUT'],
    // you can use ['*'] to allow requests from any origin
    'allowedOrigins'      => ['localhost'],
    // you can enter regexes that are matched to the origin request header
    'allowedOriginsPatterns' => ['/localhost:\d/'],
    'exposedHeaders'      => false,
    'maxAge'              => 600,
    'supportsCredentials' => false,
]);

Top Related Projects

NelmioCorsBundle

1,881

Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application

laravel-cors

6,265

Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application

Convert designs to code with AI

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot