fruitcake/php-cors
==================

Cross-origin resource sharing library for the Symfony HttpFoundation

Latest release: v1.4.0. License: MIT. Requires PHP ^8.1. [Source](https://github.com/fruitcake/php-cors) | [Packagist](https://packagist.org/packages/fruitcake/php-cors)

CORS for PHP (using the Symfony HttpFoundation)
===============================================

Library and middleware enabling cross-origin resource sharing (CORS) for applications built on http-{foundation,kernel}. It attempts to implement the [W3C Recommendation](http://www.w3.org/TR/cors/) for cross-origin resource sharing.

> Note: This is a standalone fork of  and is compatible with the options for CorsService.

Installation
------------

Require `fruitcake/php-cors` using composer.

Usage
-----

This package can be used as a library. You can use it in your framework using:

- [Stack middleware](http://stackphp.com/):
- [Laravel](https://laravel.com):

### Options

| Option | Description | Default value |
|---|---|---|
| allowedMethods | Matches the request method. | `[]` |
| allowedOrigins | Matches the request origin. | `[]` |
| allowedOriginsPatterns | Matches the request origin with `preg_match`. | `[]` |
| allowedHeaders | Sets the Access-Control-Allow-Headers response header. | `[]` |
| exposedHeaders | Sets the Access-Control-Expose-Headers response header. | `[]` |
| maxAge | Sets the Access-Control-Max-Age response header. | `0` |
| supportsCredentials | Sets the Access-Control-Allow-Credentials header. | `false` |

The *allowedMethods* and *allowedHeaders* options are case-insensitive.

You don't need to provide both *allowedOrigins* and *allowedOriginsPatterns*. If one of the strings passed matches, it is considered a valid origin. A wildcard in allowedOrigins will be converted to a pattern.

If `['*']` is provided to *allowedMethods*, *allowedOrigins* or *allowedHeaders* all methods / origins / headers are allowed.

> Note: Allowing a single static origin will improve cacheability.
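
The following is an added example, not code from the fruitcake/php-cors project: a stand-alone PHP check for regexes of the kind passed in *allowedOriginsPatterns*, which the table above says are applied with `preg_match`. The two pattern sets, the sample origins (with `example.com` standing in for your own domain) and the helper names `originMatches` and `auditPatterns` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** True if any pattern accepts the origin; uses preg_match like allowedOriginsPatterns. */
function originMatches(array $patterns, string $origin): bool
{
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $origin) === 1) {
            return true;
        }
    }
    return false;
}

/** List intended origins the patterns reject and unintended origins they accept. */
function auditPatterns(array $patterns, array $mustAllow, array $mustDeny): array
{
    $accepts = fn (string $o): bool => originMatches($patterns, $o);
    return [
        'intended_rejected' => array_values(array_filter($mustAllow, fn ($o) => !$accepts($o))),
        'unintended_accepted' => array_values(array_filter($mustDeny, $accepts)),
    ];
}

// Constructed sample origins; example.com stands in for the site's own domain.
$mustAllow = ['https://example.com', 'https://app.example.com'];
$mustDeny = [
    'https://example.com.other.test', // trusted name is only a prefix of the host
    'https://notexample.com',         // trusted name is only a suffix of the host
    'https://examplezcom.other.test', // reached when the dot is left unescaped
    'http://app.example.com',         // plain-HTTP variant of an allowed host
];

// Hypothetical pattern sets to compare.
$candidates = [
    'unanchored' => ['#https?://.*example.com#'],
    'anchored'   => ['#^https://([a-z0-9-]+\.)?example\.com\z#'],
];

foreach ($candidates as $name => $patterns) {
    $report = auditPatterns($patterns, $mustAllow, $mustDeny);
    printf("%s: %d intended rejected, %d unintended accepted\n", $name,
        count($report['intended_rejected']), count($report['unintended_accepted']));
    foreach ($report['unintended_accepted'] as $origin) {
        echo "  accepts {$origin}\n";
    }
}
```

The anchored pattern ends with `\z` rather than `$` because `$` also matches just before a trailing newline, while `\z` matches only at the true end of the string.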

### Example: using the library

```
