PHPackages                             mitsuki/cors - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP &amp; Networking](/categories/http)
4. /
5. mitsuki/cors

ActiveLirary[HTTP &amp; Networking](/categories/http)

mitsuki/cors
============

Official CORS listener for the Mitsuki PHP framework with IP whitelisting support

v1.0.0(2mo ago)10MITPHPPHP &gt;=8.1

Since Feb 22Pushed 2mo agoCompare

[ Source](https://github.com/zgeniuscoders/mitsuki-cors)[ Packagist](https://packagist.org/packages/mitsuki/cors)[ RSS](/packages/mitsuki-cors/feed)WikiDiscussions main Synced 1mo ago

READMEChangelogDependencies (3)Versions (2)Used By (0)

Mitsuki CORS Listener
=====================

[](#mitsuki-cors-listener)

**Official CORS listener for the Mitsuki PHP framework** with configurable IP whitelisting support. Production-ready for secure REST APIs, microservices, and mobile backends.

✨ Features
----------

[](#-features)

- **Standard CORS headers** support (Origin, Methods, Headers, Credentials, Max-Age)
- **Configurable IP whitelisting** via `.env` (exact IPs + CIDR ranges: `192.168.1.0/24`)
- **Main request only** (`isMainRequest()` validation)
- **Symfony `kernel.response` event** listener
- **Production-ready CIDR validation** (`ip2long` + subnet mask)
- **Zero runtime dependencies** beyond core Mitsuki contracts

📦 Installation
--------------

[](#-installation)

```
composer require mitsuki/cors
```

**Production Requirements:**

- PHP `^8.1`
- `mitsuki/listener-contracts:^1.0`

**Development Dependencies:**

- `mitsuki/http:^1.0` (unit tests only)
- `pestphp/pest:^4.4` (testing)

📋 Usage Examples
----------------

[](#-usage-examples)

### Development (Allow All)

[](#development-allow-all)

```
CORS_ALLOWED_IPS=""
```

### Production Security

[](#production-security)

```
# Localhost + Docker + VPS range
CORS_ALLOWED_IPS="127.0.0.1,::1,192.168.1.0/24,10.96.0.0/12"
```

### Generated Response Headers

[](#generated-response-headers)

```
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400

```

🧪 Testing
---------

[](#-testing)

```
# Install dev dependencies (including mitsuki/http for tests)
composer install

# Run full test suite
./vendor/bin/pest

# Run specific tests
./vendor/bin/pest tests/Unit/CorsListenerTest.php
```

**Test Coverage:**

- Main vs sub-request handling
- Exact IP matching (`127.0.0.1`)
- CIDR range validation (`192.168.1.55` ∈ `192.168.1.0/24`)
- Fallback behavior (empty config = allow all)
- Full CORS headers verification

🏗️ Architecture
---------------

[](#️-architecture)

```
Mitsuki\Listeners\CorsListener implements ListenerResponseInterface
├── __construct(array $allowedIps = [])
├── onKernelResponse(ResponseEvent $event)
│   ├── if (!$event->isMainRequest()) return
│   ├── $clientIp = $request->getClientIp()
│   ├── if (!$this->isIpAllowed($clientIp)) return
│   └── $response->headers->set() // CORS headers
├── isIpAllowed(string $ip): bool
│   └── foreach($allowedIps) { CIDR/exact match }
└── ipInCidr(string $ip, string $cidr): bool
    └── ip2long() + subnet mask logic

```

🔧 Advanced Usage
----------------

[](#-advanced-usage)

### IPv6 Support

[](#ipv6-support)

```
CORS_ALLOWED_IPS="2001:db8::/32,::1,127.0.0.1"
```

### Custom Headers/Methods

[](#custom-headersmethods)

```
// Extend the listener
class CustomCorsListener extends CorsListener
{
    protected function setCorsHeaders(Response $response): void
    {
        parent::setCorsHeaders($response);
        $response->headers->set('Access-Control-Allow-Headers', 'X-API-Key,Authorization');
    }
}
```

🎯 Perfect For
-------------

[](#-perfect-for)

- **REST APIs** → Flutter/React/Vue SPAs
- **Microservices** → Docker/Kubernetes networking
- **Secure deployments** → VPS/hosting providers
- **JWT/OAuth2** → API authentication flows

📁 Repository Structure
----------------------

[](#-repository-structure)

```
mitsuki/cors/
├── src/
│   └── CorsListener.php
├── tests/
│   └── Unit/
│       └── CorsListenerTest.php
├── composer.json
├── README.md
└── LICENSE

```

📄 License
---------

[](#-license)

MIT License © 2026 [ZGenius Matondo](mailto:zgeniuscoders@gmail.com)

```
Made with ❤️ for the Mitsuki PHP framework

```

---

###  Health Score

35

—

LowBetter than 80% of packages

Maintenance83

Actively maintained with recent releases

Popularity2

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity42

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

86d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/59ea5d2ce29d5426a3d7feabbcc7b07772b03dd80e4cd13afd6f9ac5e0469998?d=identicon)[zgenius](/maintainers/zgenius)

---

Top Contributors

[![zgeniuscoders](https://avatars.githubusercontent.com/u/101071661?v=4)](https://github.com/zgeniuscoders "zgeniuscoders (1 commits)")

---

Tags

httpsymfonysecuritycorslistenermicro-frameworkcidrip-whitelistmitsuki

###  Code Quality

TestsPest

### Embed Badge

![Health badge](/badges/mitsuki-cors/health.svg)

```
[![Health](https://phpackages.com/badges/mitsuki-cors/health.svg)](https://phpackages.com/packages/mitsuki-cors)
```

###  Alternatives

[fruitcake/php-cors

Cross-origin resource sharing library for the Symfony HttpFoundation

314242.1M35](/packages/fruitcake-php-cors)[middlewares/cors

Middleware to implement Cross-Origin Resource Sharing (CORS)

1372.2k3](/packages/middlewares-cors)[middlewares/csp

Middleware to add the Content-Security-Policy header to the response

1720.6k](/packages/middlewares-csp)[geekality/php-cross-domain-proxy

Simple self-contained PHP proxy for cross-origin ajax requests.

241.4k](/packages/geekality-php-cross-domain-proxy)[middlewares/honeypot

Middleware to implement a honeypot spam prevention

142.6k](/packages/middlewares-honeypot)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)