PHPackages enlightener/php-cors - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. enlightener/php-cors ActiveLibrary[Security](/categories/security) enlightener/php-cors ==================== Enlightener PHP CORS (Cross-Origin Resource Sharing) is a small library support to prevent attacks from a cross-origin request v1.0.9(1y ago)1464MITPHPPHP >=7.4CI passing Since Jan 19Pushed 1y ago1 watchersCompare [ Source](https://github.com/haunv-be/php-cors)[ Packagist](https://packagist.org/packages/enlightener/php-cors)[ Docs](https://github.com/haunv-be/php-cors)[ RSS](/packages/enlightener-php-cors/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (2)Versions (12)Used By (0) 🚀Features --------- [](#features) - Configure options for each domain. - Flexible about the usage way. - Handle the incoming requests strictly and write exceptions log if any to easy debug. About ----- [](#about) [![Build Status](https://github.com/haunv-be/php-cors/workflows/tests/badge.svg)](https://github.com/haunv-be/php-cors/actions)[![Total Downloads](https://camo.githubusercontent.com/9ba73bca3209f31d92beddc4add28f0b2b4d1cee7c761bca77ed9a616794ab54/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f656e6c69676874656e65722f7068702d636f7273)](https://packagist.org/packages/enlightener/php-cors)[![Latest Stable Version](https://camo.githubusercontent.com/5bda273e0ce993387e8849f3cf59318fac9c126249d332c9775f87ea6ff179bd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f656e6c69676874656e65722f7068702d636f7273)](https://packagist.org/packages/enlightener/php-cors)[![License](https://camo.githubusercontent.com/13141dc5063afd3d04338301d894f620cbe99ee24ef546b37cad8e96675f4db8/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f656e6c69676874656e65722f7068702d636f7273)](https://packagist.org/packages/enlightener/php-cors) Enlightener PHP CORS is a small library support to prevent attacks from a cross-origin request. I spent a lot of time researching the mechanism, as well as how it works and summarized each line by comments. This library is for the `Laravel` framework and is also possible for the `Symfony` framework and the `PHP` language, but you must modify it if want to use it. These documents I referenced and listed here: - MDN Web Docs: [`CORS`](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) - GitHub: [`asm89/stack-cors`](https://github.com/asm89/stack-cors) - GitHub: [`fruitcake/laravel-cors`](https://github.com/fruitcake/laravel-cors) Note Use for versions of `Laravel` from **6** to **10** or higher, and the `PHP` version must be from **7.4** Installation ------------ [](#installation) ``` composer require enlightener/php-cors ``` Basic Usage ----------- [](#basic-usage) Note Attributes can be a string separation by comma or an array such as `foo, baz` | `['foo', 'baz']` **Register a cors service** ``` // Default options Cors::origins('*'); // Register one service Cors::origins('https://php.net') ->headers('X-Header-One, X-Header-Two, X-Header-Three') ->methods('GET, HEAD, POST') ->credentials(false) ->exposedHeaders('X-Header-One, X-Header-Two, X-Header-Three') ->maxAge(0); // Register include wildcard in the domain Cors::origin('*.example.com') ->headers('X-Header-One, X-Header-Two, X-Header-Three') ->methods('GET, HEAD, POST'); // Register many services Cors::origins('https://php.net, https://laravel.com') ->headers('X-Header-One, X-Header-Two, X-Header-Three') ->methods('GET, HEAD, POST'); // or Cors::origins(['https://php.net', 'https://laravel.com', '*.example.com']) ->headers(['X-Header-One', 'X-Header-Two', 'X-Header-Three']) ->methods(['GET', 'HEAD', 'POST']) ->exposedHeaders(['X-Header-One', 'X-Header-Two', 'X-Header-Three']); // or Cors::register([ 'origins' => ['https://php.net', 'https://laravel.com', '*.example.com'], 'headers' => ['X-Header-One', 'X-Header-Two', 'X-Header-Three'], 'credentials' => false, 'exposedHeaders' => ['X-Header-One', 'X-Header-Two', 'X-Header-Three'], 'maxAge' => 0 ]); // Retrieve all items in the collection Cors::collection()->items(); // You can use any method that you want to meet the requirements of your project. // Note that to register a cors service always start with the first "origins" method // on each call a CORS facade instance. ``` **Handle a cors service** ``` namespace App\Http\Middleware; use Closure; use Enlightener\Cors\Cors; use Illuminate\Http\Request; use Illuminate\Http\Response; use Illuminate\Http\JsonResponse; use Illuminate\Http\RedirectResponse; class CorsHandler { /** * Handle an incoming request. */ public function handle(Request $request, Closure $next): Response|JsonResponse|RedirectResponse { Cors::origins(['https://php.net', 'https://laravel.com', 'https://symfony.com']) ->headers(['X-Header-One', 'X-Header-Two', 'X-Header-Three']) ->methods(['GET', 'HEAD', 'POST']); return Cors::handle($request, $next); } } ``` **Configuration** Note These options are strict, and this means that when you set an option that has the `[*]` value then it will be equivalent to the work you dynamically handled based on the incoming request. We will not disclose any values unnecessary for the browser side. OptionDescriptionDefault value`origins`Origins are allowed so that the server side can share a resource.`[*]``methods`Methods allowed when accessing a resource.`[*]``headers`Headers that can be used during the actual request.`[*]``credentials`Credentials are allowed such as `cookies`, `tls`, `client certificates`, or `authentication headers`.`false``exposedHeaders`Headers can be exposed to the browser side.`[]``maxAge`The duration in seconds that the results of headers in a `preflight` request such as `access-control-allow: headers, methods` can cached.`0`License ------- [](#license) The PHP CORS library is licensed under the [MIT license](https://github.com/haunv-be/php-cors/blob/main/LICENSE.md). ### Health Score 30 — LowBetter than 64% of packages Maintenance43 Moderate activity, may be stable Popularity14 Limited adoption so far Community7 Small or concentrated contributor base Maturity45 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~2 days Total 11 Last Release 455d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/241c035501e8b057d9f58d7b1114a3d26148d9be97b89b17ed09c0ff1c3c096a?d=identicon)[haunv-be](/maintainers/haunv-be) --- Top Contributors [![haunvbe](https://avatars.githubusercontent.com/u/237679121?v=4)](https://github.com/haunvbe "haunvbe (60 commits)") --- Tags laravelphpsymfonyphpsymfonylaravelcors ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/enlightener-php-cors/health.svg) ``` [![Health](https://phpackages.com/badges/enlightener-php-cors/health.svg)](https://phpackages.com/packages/enlightener-php-cors) ``` ### Alternatives [tzsk/otp A secure, database-free One-Time Password (OTP) generator and verifier for PHP and Laravel. 241641.4k1](/packages/tzsk-otp)[mitnick/laravel-security laravel-mitnick helps you secure your Laravel apps by setting various HTTP headers. it can help! 8111.7k1](/packages/mitnick-laravel-security) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)