PHPackages rrd108/cakephp-cors - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. rrd108/cakephp-cors ActiveCakephp-plugin[Utility & Helpers](/categories/utility) rrd108/cakephp-cors =================== A CakePHP plugin for activate cors domain in your application 0.1.1(2y ago)02.4k↓28.6%2MITPHP Since Jan 8Pushed 2y ago2 watchersCompare [ Source](https://github.com/rrd108/cakephp-cors)[ Packagist](https://packagist.org/packages/rrd108/cakephp-cors)[ RSS](/packages/rrd108-cakephp-cors/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (4)Dependencies (5)Versions (5)Used By (0) cakephp-cors ============ [](#cakephp-cors) A CakePHP 5 plugin for activate cors domain in your application with [Middleware](https://book.cakephp.org/5/en/controllers/middleware.html). Forked from [ozee31/cakephp-cors](https://github.com/ozee31/cakephp-cors) as it is archived. [Learn more about CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) Installation ------------ [](#installation) You can install this plugin into your CakePHP application using [composer](http://getcomposer.org). The recommended way to install composer packages is: ``` composer require rrd108/cakephp-cors ``` Then load the plugin with the command: ``` bin/cake plugin load Rrd108/Cors ``` Changing the default settings ----------------------------- [](#changing-the-default-settings) By default the plugin authorize cors for all origins, all methods and all headers and caches all for one day. If you are happy with the default settings, you can skip this section. If you want to change any of the values then create your own `config/cors.php` file at your project's `config` directory. In your config file, you should use only those keys that you want to change. It will be merged to the default one. So, for example, if you are happy with all the options, except `AllowOrigin` default, then you have to put this into your on config file. ``` 'Cors' => [ 'AllowOrigin' => ['http://localhost:5173', 'https://example.com'], ] ``` #### AllowOrigin ([Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Origin)) [](#alloworigin-access-control-allow-origin) A returned resource may have one Access-Control-Allow-Origin header, with the following syntax: ``` 'Cors' => [ // Accept all origins 'AllowOrigin' => true, // OR 'AllowOrigin' => '*', // Accept one origin 'AllowOrigin' => 'http://webmania.cc' // Accept many origins 'AllowOrigin' => ['http://webmania.cc', 'https://example.com'] ] ``` #### AllowCredentials ([Access-Control-Allow-Credentials](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Credentials)) [](#allowcredentials-access-control-allow-credentials) The Access-Control-Allow-Credentials header Indicates whether or not the response to the request can be exposed when the credentials flag is true. When used as part of a response to a preflight request, this indicates whether or not the actual request can be made using credentials. Note that simple GET requests are not preflighted, and so if a request is made for a resource with credentials, if this header is not returned with the resource, the response is ignored by the browser and not returned to web content. ``` 'Cors' => [ 'AllowCredentials' => true, // OR 'AllowCredentials' => false, ] ``` #### AllowMethods ([Access-Control-Allow-Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Methods)) [](#allowmethods-access-control-allow-methods) ``` 'Cors' => [ // shoud be an array 'AllowMethods' => ['GET', 'POST'], ] ``` #### AllowHeaders ([Access-Control-Allow-Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Headers)) [](#allowheaders-access-control-allow-headers) The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request. ``` 'Cors' => [ // accept all headers 'AllowHeaders' => true, // accept just authorization 'AllowHeaders' => 'authorization', // accept many headers 'AllowHeaders' => ['authorization', 'other-header'], ] ``` #### ExposeHeaders ([Access-Control-Expose-Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Expose-Headers)) [](#exposeheaders-access-control-expose-headers) The Access-Control-Expose-Headers header lets a server whitelist headers that browsers are allowed to access. For example: ``` 'Cors' => [ // nothing 'ExposeHeaders' => false, // string 'ExposeHeaders' => 'X-My-Custom-Header', // array 'ExposeHeaders' => ['X-My-Custom-Header', 'X-Another-Custom-Header'], ] ``` #### MaxAge ([Access-Control-Max-Age](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Max-Age)) [](#maxage-access-control-max-age) The Access-Control-Max-Age header indicates how long the results of a preflight request can be cached. For an example of a preflight request, see the above examples. ``` 'Cors' => [ // no cache 'MaxAge' => false, // 1 hour 'MaxAge' => 3600, // 1 day 'MaxAge' => 86400, ] ``` ### Health Score 24 — LowBetter than 32% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity22 Limited adoption so far Community11 Small or concentrated contributor base Maturity35 Early-stage or recently created project Bus Factor1 Top contributor holds 88.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~8 days Total 4 Last Release 835d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/0f115ed63db719bb70b5f9f74a077e5dba1e3962d394f63bde914de8f64171d8?d=identicon)[rrd](/maintainers/rrd) --- Top Contributors [![rrd108](https://avatars.githubusercontent.com/u/3147489?v=4)](https://github.com/rrd108 "rrd108 (15 commits)")[![LordSimal](https://avatars.githubusercontent.com/u/9105243?v=4)](https://github.com/LordSimal "LordSimal (2 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/rrd108-cakephp-cors/health.svg) ``` [![Health](https://phpackages.com/badges/rrd108-cakephp-cors/health.svg)](https://phpackages.com/packages/rrd108-cakephp-cors) ``` ### Alternatives [markstory/asset_compress An asset compression plugin for CakePHP. Provides file concatenation and a flexible filter system for preprocessing and minification. 3761.0M11](/packages/markstory-asset-compress)[mcp/sdk Model Context Protocol SDK for Client and Server applications in PHP 1.4k423.9k30](/packages/mcp-sdk)[psr7-sessions/storageless Storageless PSR-7 Session support 652373.0k8](/packages/psr7-sessions-storageless)[dereuromark/cakephp-tools A CakePHP plugin containing lots of useful and reusable tools 338920.1k32](/packages/dereuromark-cakephp-tools)[jaxon-php/jaxon-core Jaxon is an open source PHP library for easily creating Ajax web applications 73142.3k25](/packages/jaxon-php-jaxon-core)[flarum/core Delightfully simple forum software. 211.3M1.9k](/packages/flarum-core) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)