PHPackages alireza5014/laravel-cors - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. alireza5014/laravel-cors ActiveLibrary[HTTP & Networking](/categories/http) alireza5014/laravel-cors ======================== Send CORS headers in a Laravel or Lumen application 019PHP Since Aug 29Pushed 4y ago1 watchersCompare [ Source](https://github.com/alireza5014/laravel-cors)[ Packagist](https://packagist.org/packages/alireza5014/laravel-cors)[ RSS](/packages/alireza5014-laravel-cors/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Notice ====== [](#notice) We have abandoned this package because Laravel 7 introduced native support for CORS. Only use this package if you're on Laravel 6 or below. Send CORS headers in a Laravel application ========================================== [](#send-cors-headers-in-a-laravel-application) [![Latest Version on Packagist](https://camo.githubusercontent.com/53da2a8c24bd832ccb7e1b435ca96845c3a5566c0d546df222bbf5b2a8abfb7c/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f616c6972657a61353031342f6c61726176656c2d636f72732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/alireza5014/laravel-cors)[![Build Status](https://camo.githubusercontent.com/388481ade00541527dde485502b6ca8a95ddf67ec6092b3f7928224aa3c1bdd9/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f616c6972657a61353031342f6c61726176656c2d636f72732f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/alireza5014/laravel-cors)[![Quality Score](https://camo.githubusercontent.com/aa13a4aae84770f08136e1879e43881ed0f989759f98d6c4e28d8b14ca11b8a4/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f616c6972657a61353031342f6c61726176656c2d636f72732e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/alireza5014/laravel-cors)[![StyleCI](https://camo.githubusercontent.com/3ae7e35623f1945184e946f627ed1ca760bbb18af0021b1a9649f213478dda45/68747470733a2f2f7374796c6563692e696f2f7265706f732f3131333935373336382f736869656c643f6272616e63683d6d6173746572)](https://styleci.io/repos/113957368)[![Total Downloads](https://camo.githubusercontent.com/470ed1c0e63012e0fb40fd29fd15ad71fb8f056c3daedbde2bef588e2ac3526d/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f616c6972657a61353031342f6c61726176656c2d636f72732e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/alireza5014/laravel-cors) This package will add CORS headers to the responses of your Laravel or Lumen app. For more infomation about CORS, see the [Mozilla CORS documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS). This package supports preflight requests and is easily configurable to fit your needs. Installation ------------ [](#installation) - [Laravel](#laravel) - [Lumen](#lumen) ### Laravel [](#laravel) You can install the package via Composer: ``` composer require alireza5014/laravel-cors ``` The package will automatically register its service provider. The provided `alireza5014\Cors\Cors` middleware must be registered in the global middleware group. ``` // app/Http/Kernel.php protected $middleware = [ ... \alireza5014\Cors\Cors::class ]; ``` ``` php artisan vendor:publish --provider="alireza5014\Cors\CorsServiceProvider" --tag="config" ``` This is the default content of the config file published at `config/cors.php`: ``` return [ /* * A cors profile determines which origins, methods, headers are allowed for * a given requests. The `DefaultProfile` reads its configuration from this * config file. * * You can easily create your own cors profile. * More info: https://github.com/alireza5014/laravel-cors/#creating-your-own-cors-profile */ 'cors_profile' => alireza5014\Cors\CorsProfile\DefaultProfile::class, /* * This configuration is used by `DefaultProfile`. */ 'default_profile' => [ 'allow_credentials' => false, 'allow_origins' => [ '*', ], 'allow_methods' => [ 'POST', 'GET', 'OPTIONS', 'PUT', 'PATCH', 'DELETE', ], 'allow_headers' => [ 'Content-Type', 'X-Auth-Token', 'Origin', 'Authorization', ], 'expose_headers' => [ 'Cache-Control', 'Content-Language', 'Content-Type', 'Expires', 'Last-Modified', 'Pragma', ], 'forbidden_response' => [ 'message' => 'Forbidden (cors).', 'status' => 403, ], /* * Preflight request will respond with value for the max age header. */ 'max_age' => 60 * 60 * 24, ], ]; ``` ### Lumen [](#lumen) You can install the package via Composer: ``` composer require alireza5014/laravel-cors ``` Copy the config file from the vendor directory: ``` cp vendor/alireza5014/laravel-cors/config/cors.php config/cors.php ``` Register the config file, the middleware and the service provider in `bootstrap/app.php`: ``` $app->configure('cors'); $app->middleware([ alireza5014\Cors\Cors::class, ]); $app->register(alireza5014\Cors\CorsServiceProvider::class); ``` Usage ----- [](#usage) With the middleware installed your API routes should now get appropriate CORS headers. Preflight requests will be handled as well. If a request comes in that is not allowed, Laravel will return a `403` response. The default configuration of this package allows all requests from any origin (denoted as `'*'`). You probably want to at least specify some origins relevant to your project. If you want to allow requests to come in from `https://alireza5014.be` and `https://laravel.com` add those domains to the config file: ``` // config/cors.php ... 'default_profile' => [ 'allow_origins' => [ 'https://alireza5014.be', 'https://laravel.com', ], ... ... ``` If you, for example, want to allow all subdomains from a specific domain, you can use the wildcard asterisk (`*`) and specifiy that: ``` // config/cors.php ... 'default_profile' => [ 'allow_origins' => [ 'https://alireza5014.be', 'https://laravel.com', 'https://*.alireza5014.be', 'https://*.laravel.com', ], ... ... ``` ### Creating your own CORS profile [](#creating-your-own-cors-profile) Imagine you want to specify allowed origins based on the user that is currently logged in. In that case the `DefaultProfile` which just reads the config file won't cut it. Fortunately it's very easy to write your own CORS profile, which is simply a class that extends `alireza5014\Cors\DefaultProfile`. Here's a quick example where it is assumed that you've already added an `allowed_domains` column on your user model: ``` namespace App\Services\Cors; use alireza5014\Cors\CorsProfile\DefaultProfile; class UserBasedCorsProfile extends DefaultProfile { public function allowOrigins(): array { return Auth::user()->allowed_domains; } } ``` You can override the default HTTP status code and message returned when a request is forbidden by editing the `forbidden_response` array in your configuration file: ``` 'forbidden_response' => [ 'message' => 'Your request failed', 'status' => 400, ], ``` Don't forget to register your profile in the config file. ``` // config/cors.php ... 'cors_profile' => App\Services\Cors\UserBasedCorsProfile::class, ... ``` In the example above we've overwritten the `allowOrigins` method, but of course you may choose to override any of the methods present in `DefaultProfile`. Testing ------- [](#testing) ``` composer test ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. Security -------- [](#security) If you discover any security related issues, please email instead of using the issue tracker. Alternatives ------------ [](#alternatives) - [barryvdh/laravel-cors](https://github.com/barryvdh/laravel-cors): a tried and tested package. Our package is a modern rewrite of the basic features of Barry's excellent one. We created our own solution because we needed our configuration to be [very flexible](#creating-your-own-cors-profile). Postcardware ------------ [](#postcardware) You're free to use this package, but if it makes it to your production environment we highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. Our address is: alireza5014, Samberstraat 69D, 2060 Antwerp, Belgium. We publish all received postcards [on our company website](https://alireza5014.be/en/opensource/postcards). Credits ------- [](#credits) - [Freek Van der Herten](https://github.com/freekmurze) - [All Contributors](../../contributors) Support us ---------- [](#support-us) alireza5014 is a webdesign agency based in Antwerp, Belgium. You'll find an overview of all our open source projects [on our website](https://alireza5014.be/opensource). Does your business depend on our contributions? Reach out and support us on [Patreon](https://www.patreon.com/alireza5014). All pledges will be dedicated to allocating workforce on maintenance and new awesome stuff. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 16 — LowBetter than 5% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity6 Limited adoption so far Community7 Small or concentrated contributor base Maturity28 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/ae985e377c57cc3d3dd3d4550f8b74771ec2909867c48f9a7b04e4be1f68c660?d=identicon)[alireza5014](/maintainers/alireza5014) --- Top Contributors [![alireza5014](https://avatars.githubusercontent.com/u/41649025?v=4)](https://github.com/alireza5014 "alireza5014 (8 commits)") ### Embed Badge ![Health badge](/badges/alireza5014-laravel-cors/health.svg) ``` [![Health](https://phpackages.com/badges/alireza5014-laravel-cors/health.svg)](https://phpackages.com/packages/alireza5014-laravel-cors) ``` ### Alternatives [friendsofsymfony/rest-bundle This Bundle provides various tools to rapidly develop RESTful API's with Symfony 2.8k73.3M319](/packages/friendsofsymfony-rest-bundle)[php-http/discovery Finds and installs PSR-7, PSR-17, PSR-18 and HTTPlug implementations 1.3k309.5M1.2k](/packages/php-http-discovery)[nyholm/psr7 A fast PHP7 implementation of PSR-7 1.3k235.4M2.4k](/packages/nyholm-psr7)[pusher/pusher-php-server Library for interacting with the Pusher REST API 1.5k94.8M293](/packages/pusher-pusher-php-server)[spatie/crawler Crawl all internal links found on a website 2.8k16.3M52](/packages/spatie-crawler)[react/http Event-driven, streaming HTTP client and server implementation for ReactPHP 78126.4M414](/packages/react-http) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)