asm89/stack-cors
================

Cross-origin resource sharing library and stack middleware

Version: v2.4.0, License: MIT, PHP: ^7.3|^8.0

[Source](https://github.com/asm89/stack-cors) | [Packagist](https://packagist.org/packages/asm89/stack-cors)

Stack/Cors
==========

Library and middleware enabling cross-origin resource sharing for your http-{foundation,kernel} using application. It attempts to implement the [W3C Recommendation](http://www.w3.org/TR/cors/) for cross-origin resource sharing.

Installation
------------

Require `asm89/stack-cors` using composer.

Usage
-----

This package can be used as a library or as [stack middleware](http://stackphp.com/).

### Options

| Option | Description | Default value |
| --- | --- | --- |
| `allowedMethods` | Matches the request method. | `[]` |
| `allowedOrigins` | Matches the request origin. | `[]` |
| `allowedOriginsPatterns` | Matches the request origin with `preg_match`. | `[]` |
| `allowedHeaders` | Sets the Access-Control-Allow-Headers response header. | `[]` |
| `exposedHeaders` | Sets the Access-Control-Expose-Headers response header. | `false` |
| `maxAge` | Sets the Access-Control-Max-Age response header. Set to `null` to omit the header/use browser default. | `0` |
| `supportsCredentials` | Sets the Access-Control-Allow-Credentials header. | `false` |

The *allowedMethods* and *allowedHeaders* options are case-insensitive.

You don't need to provide both *allowedOrigins* and *allowedOriginsPatterns*. If one of the strings passed matches, it is considered a valid origin.

If `['*']` is provided to *allowedMethods*, *allowedOrigins* or *allowedHeaders* all methods / origins / headers are allowed.

If *supportsCredentials* is `true`, you must [explicitly set](https://fetch.spec.whatwg.org/#cors-protocol-and-credentials) `allowedHeaders` for any headers which are not CORS safelisted.
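Because *allowedOriginsPatterns* entries are evaluated with `preg_match`, an unanchored pattern accepts more origins than it appears to. The sketch below is an added example, not the library's own code: `originAllowed()` is a hypothetical stand-alone restatement of the matching rules described above, and the origins are constructed sample values.

```php
<?php
// Added illustration, not part of asm89/stack-cors. originAllowed() is a
// hypothetical helper that restates the documented rules: an origin is valid
// if it equals an allowedOrigins entry, if allowedOrigins contains '*', or
// if any allowedOriginsPatterns entry matches it via preg_match.
function originAllowed(string $origin, array $options): bool
{
    $exact = $options['allowedOrigins'] ?? [];
    if (in_array('*', $exact, true) || in_array($origin, $exact, true)) {
        return true;
    }
    foreach ($options['allowedOriginsPatterns'] ?? [] as $pattern) {
        if (preg_match($pattern, $origin) === 1) {
            return true;
        }
    }
    return false;
}

// Weak setting: no anchors and unescaped dots, so preg_match succeeds when
// the pattern occurs anywhere inside the Origin value.
$weak = ['allowedOriginsPatterns' => ['/example.com/']];

// Corrected setting: exact string for the apex origin, plus a pattern that is
// anchored at both ends, pins the scheme, escapes the dots and permits a
// single subdomain label. The D modifier stops $ matching before a newline.
$strict = [
    'allowedOrigins'         => ['https://example.com'],
    'allowedOriginsPatterns' => ['#^https://[a-z0-9-]+\.example\.com$#D'],
];

// Constructed sample Origin header values.
$origins = [
    'https://example.com',
    'https://api.example.com',
    'http://api.example.com',
    'https://example.com.attacker.test',
    'https://examplexcom.test',
];

foreach ($origins as $origin) {
    $w = originAllowed($origin, $weak) ? 'allow' : 'deny';
    $s = originAllowed($origin, $strict) ? 'allow' : 'deny';
    printf("%-36s weak=%-5s strict=%s\n", $origin, $w, $s);
}
```

The weak pattern allows all five origins, while the corrected settings allow only the first two. The difference matters most when *supportsCredentials* is `true`, because every origin that passes the check is then permitted to read credentialed responses.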

### Example: using the library

```
