NelmioCorsBundle
Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application
Top Related Projects
Cross-origin resource sharing library and stack middleware.
Quick Overview
NelmioCorsBundle is a Symfony bundle that adds support for CORS (Cross-Origin Resource Sharing) to your Symfony application. It allows you to configure and manage CORS headers easily, enabling secure cross-origin requests in your web applications.
Pros
- Easy integration with Symfony applications
- Highly configurable with support for path-based rules
- Supports preflight requests and caching
- Actively maintained and compatible with recent Symfony versions
Cons
- Limited to Symfony framework, not usable in other PHP projects
- May require additional configuration for complex CORS scenarios
- Performance impact when handling many CORS requests
- Learning curve for developers new to CORS concepts
Code Examples
- Basic configuration in
config/packages/nelmio_cors.yaml
:
nelmio_cors:
defaults:
origin_regex: true
allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
allow_headers: ['Content-Type', 'Authorization']
expose_headers: ['Link']
max_age: 3600
- Path-specific configuration:
nelmio_cors:
paths:
'^/api/':
allow_origin: ['http://example.com']
allow_headers: ['X-Custom-Auth']
allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
max_age: 3600
- Configuring CORS in a controller using annotations:
use Nelmio\CorsBundle\Annotation\Cors;
/**
* @Cors({"allow_origin": {"http://example.com"}, "allow_headers": {"X-Custom-Auth"}, "allow_methods": {"POST", "PUT", "GET", "DELETE"}})
*/
public function apiAction()
{
// Your controller logic here
}
Getting Started
-
Install the bundle using Composer:
composer require nelmio/cors-bundle
-
If you're using Symfony Flex, the bundle will be automatically configured. Otherwise, add it to your
config/bundles.php
:return [ // ... Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true], ];
-
Configure the bundle in
config/packages/nelmio_cors.yaml
(see the first code example for basic configuration). -
Clear your cache:
php bin/console cache:clear
Competitor Comparisons
Cross-origin resource sharing library and stack middleware.
Pros of stack-cors
- Framework-agnostic, can be used with any PHP project
- Lightweight and focused solely on CORS functionality
- Easy integration with middleware-based applications
Cons of stack-cors
- Less feature-rich compared to NelmioCorsBundle
- Requires more manual configuration
- May need additional setup for complex use cases
Code Comparison
NelmioCorsBundle configuration:
nelmio_cors:
defaults:
allow_origin: ['http://example.com']
allow_methods: ['GET', 'POST', 'PUT', 'DELETE']
allow_headers: ['Content-Type', 'Authorization']
stack-cors configuration:
$app->add(new Cors([
'origin' => ['http://example.com'],
'methods' => ['GET', 'POST', 'PUT', 'DELETE'],
'headers.allow' => ['Content-Type', 'Authorization'],
]));
Both libraries provide CORS support for PHP applications, but they cater to different use cases. NelmioCorsBundle is specifically designed for Symfony applications, offering deep integration and extensive configuration options. It's ideal for complex Symfony projects requiring fine-grained CORS control.
stack-cors, on the other hand, is more versatile and can be used in various PHP frameworks or standalone applications. It's particularly well-suited for middleware-based architectures. While it may require more manual setup, it offers greater flexibility for developers working outside the Symfony ecosystem.
The choice between these libraries depends on your project's specific needs, framework, and desired level of CORS configuration complexity.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
NelmioCorsBundle
About
The NelmioCorsBundle allows you to send Cross-Origin Resource Sharing headers with ACL-style per-URL configuration.
Features
- Handles CORS preflight OPTIONS requests
- Adds CORS headers to your responses
- Configured at the PHP/application level. This is convenient but it also means that any request serving static files and not going through Symfony will not have the CORS headers added, so if you need to serve CORS for static files you probably should rather configure these headers in your web server
Installation
Require the nelmio/cors-bundle
package in your composer.json and update your dependencies:
composer require nelmio/cors-bundle
The bundle should be automatically enabled by Symfony Flex. If you don't use Flex, you'll need to enable it manually as explained in the docs.
Usage
See the documentation for usage instructions.
License
Released under the MIT License, see LICENSE.
Top Related Projects
Cross-origin resource sharing library and stack middleware.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot