PHPackages compwright/psr-cors - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. compwright/psr-cors ActiveLibrary[HTTP & Networking](/categories/http) compwright/psr-cors =================== PHP interop cross-origin resource sharing (CORS) library and middleware v1.0.0(1y ago)03.7k—8.3%MITPHPPHP ^8.2 Since Dec 24Pushed 1y agoCompare [ Source](https://github.com/compwright/psr-cors)[ Packagist](https://packagist.org/packages/compwright/psr-cors)[ Docs](https://github.com/compwright/psr-cors)[ RSS](/packages/compwright-psr-cors/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (7)Versions (3)Used By (0) compwright/psr-cors =================== [](#compwrightpsr-cors) Library and middleware enabling cross-origin resource sharing (CORS) for your PHP interoperable application, utilizing the PSR-7 and PSR-15 standards. It attempts to implement the [W3C Recommendation](http://www.w3.org/TR/cors/) for cross-origin resource sharing. Build status: [![.github/workflows/run-tests.yml](https://github.com/compwright/psr-cors/workflows/.github/workflows/run-tests.yml/badge.svg)](https://github.com/compwright/psr-cors/workflows/.github/workflows/run-tests.yml/badge.svg) Installation ------------ [](#installation) Require `compwright/psr-cors` using composer. Usage ----- [](#usage) This package can be used as a library or as PSR-15 middleware. ### Options [](#options) OptionDescriptionDefault value`allowedMethods`Matches the request method.All`allowedOrigins`Matches the request origin (supports regex).All`allowedHeaders`Sets the Access-Control-Allow-Headers response header.All`exposedHeaders`Sets the Access-Control-Expose-Headers response header.None`maxAge`Sets the Access-Control-Max-Age response header. Set to `null` to omit the header/use browser default.None`supportsCredentials`Sets the Access-Control-Allow-Credentials header.NoneThe *allowedMethods* and *allowedHeaders* options are case-insensitive. If `true` is provided to *allowedMethods*, *allowedOrigins* or *allowedHeaders* all methods/origins/headers are allowed. If *supportsCredentials* is `true`, you must [explicitly set](https://fetch.spec.whatwg.org/#cors-protocol-and-credentials) `allowedHeaders` for any headers which are not CORS safelisted. Example: using middleware ------------------------- [](#example-using-middleware) ```