PHPackages                             salienture/salienture-cakephp-cors-plugin - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP & Networking](/categories/http)
4. /
5. salienture/salienture-cakephp-cors-plugin

ActiveCakephp-plugin[HTTP & Networking](/categories/http)

salienture/salienture-cakephp-cors-plugin
=========================================

Salienture CakePHP 5 CORS Plugin

1.0.1(1y ago)02071MITPHPPHP >=8.1

Since Oct 27Pushed 1y agoCompare

[ Source](https://github.com/salienture/salienture-cakephp-cors-plugin)[ Packagist](https://packagist.org/packages/salienture/salienture-cakephp-cors-plugin)[ RSS](/packages/salienture-salienture-cakephp-cors-plugin/feed)WikiDiscussions main Synced 3w ago

READMEChangelog (2)Dependencies (3)Versions (3)Used By (0)

Salienture CakePHP 5 CORS Plugin
================================

[](#salienture-cakephp-5-cors-plugin)

**Salienture CakePHP 5 CORS Plugin** provides a simple and configurable way to handle Cross-Origin Resource Sharing (CORS) in CakePHP 5 applications. This plugin allows you to manage CORS policies through middleware and configuration, ensuring that your API or web application can securely handle cross-origin requests.

Features
--------

[](#features)

- Easily configurable CORS settings are available through the CakePHP configuration files.
- Full control over allowed origins, headers, and methods.
- Middleware-based implementation to handle CORS headers at the request level.
- Support for preflight (OPTIONS) requests.
- Enable or disable CORS on a per-route or global basis.
- Lightweight and easy to integrate.

Installation
------------

[](#installation)

### 1. Install the Plugin via Composer

[](#1-install-the-plugin-via-composer)

You can install the plugin using Composer by running the following command at the root of your CakePHP 5 project:

```
composer require salienture/salienture-cakephp-cors-plugin
```

### 2. Load the Plugin

[](#2-load-the-plugin)

After installation, load the plugin:

```
bin/cake plugin load Salienture/Cors
```

### 3. Configure CORS Settings

[](#3-configure-cors-settings)

You can define the CORS configuration in your `config/app_local.php` file. Here's an example configuration:

```
/**
 * CORS configuration settings.
 *
 * This configuration controls the behavior of Cross-Origin Resource Sharing (CORS)
 * in the application. It defines the allowed origins, methods, headers, and other
 * related settings for managing CORS requests.
 *
 * @return array The CORS configuration array.
 *
 * - 'allowOrigin': array|string
 *      Defines the origins that are allowed to access the server's resources.
 *      Can be a specific domain (e.g., 'https://example.com') or '*' to allow all origins.
 *
 * - 'allowMethods': array
 *      Lists the HTTP methods that are allowed for cross-origin requests.
 *      Common methods include 'GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'.
 *
 * - 'allowHeaders': array
 *      Specifies which headers can be included in the CORS request. For example,
 *      'Authorization' and 'Content-Type' are commonly used headers in API requests.
 *
 * - 'exposeHeaders': array
 *      Lists the headers that are safe to expose to the client (browser). These headers
 *      can be made visible via JavaScript on the client side.
 *
 * - 'maxAge': int
 *      Indicates how long the results of a preflight request can be cached by the client,
 *      in seconds. A value of 3600 seconds (1 hour) is typically used.
 *
 * - 'credentials': bool
 *      A boolean value that indicates whether credentials (such as cookies,
 *      authorization headers, or TLS client certificates) are allowed in cross-origin requests.
 */
'Cors' => [
    'allowOrigin' => ['http://localhost:3000'], // Array of allowed origins, or '*' for all origins.
    'allowMethods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'], // HTTP methods to allow.
    'allowHeaders' => ['X-Requested-With', 'Content-Type', 'Authorization'], // Headers allowed in the request. 'true' for all headers. e.g. ['Authorization', 'Content-Type']
    'exposeHeaders' => ['Link'], // Headers that can be exposed to the browser.
    'maxAge' => 3600, // Time in seconds for how long the results of a preflight request can be cached.
    'credentials' => true, // Whether to allow cookies and credentials.
],
```

### 4. Enable or Disable CORS for Specific Routes (Optional)

[](#4-enable-or-disable-cors-for-specific-routes-optional)

If you want to enable or disable CORS on specific routes, you can configure it in the `routes.php` file using route scoping:

```
use Salienture\Cors\Middleware\CorsMiddleware;

$routes->scope('/api', function (RouteBuilder $routes) {
    // Set the default content type to JSON for the /api routes
    $builder->setExtensions(['json']);

    // Add CORS Middleware for the /api routes
    $routes->registerMiddleware('cors', new CorsMiddleware());
    $routes->applyMiddleware('cors');

    // Define your API routes here
    $routes->connect('/posts', ['controller' => 'Posts', 'action' => 'index']);
});
```

Usage
-----

[](#usage)

Once installed and configured, the **Salienture CakePHP 5 CORS Plugin** automatically adds the necessary CORS headers to incoming requests. It handles both simple and preflight (OPTIONS) requests.

### Example: Handling CORS in an API

[](#example-handling-cors-in-an-api)

For example, if you have an API endpoint `/api/posts`, the plugin will:

1. Automatically add CORS headers (`Access-Control-Allow-Origin`, `Access-Control-Allow-Methods`, etc.) to responses.
2. Handle OPTIONS requests for preflight checks.
3. Restrict access based on your configured CORS policy.

### Example CORS Response Headers

[](#example-cors-response-headers)

If a request is made to your API, the response might include headers like:

```
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Expose-Headers: Link
Access-Control-Max-Age: 3600
Access-Control-Allow-Credentials: true

```

Customizing Middleware
----------------------

[](#customizing-middleware)

If you need more control over how CORS is handled (e.g., conditional behavior for different routes), you can modify the `CorsMiddleware` class to suit your needs.

Testing
-------

[](#testing)

To verify that CORS functions correctly, make cross-origin HTTP requests using a client such as `Postman`, or make AJAX requests from a browser in a different domain. Ensure that the appropriate CORS headers are present in the response.

License
-------

[](#license)

This plugin is licensed under the MIT License.

###  Health Score

28

—

LowBetter than 52% of packages

Maintenance35

Infrequent updates — may be unmaintained

Popularity12

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity49

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

604d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/a4a909ae244db4021f4e9cfc19fab7b19af94171a62a495b980c98d4c0bbff50?d=identicon)[sandeep-kadyan](/maintainers/sandeep-kadyan)

---

Top Contributors

[![sandeep-kadyan](https://avatars.githubusercontent.com/u/63108804?v=4)](https://github.com/sandeep-kadyan "sandeep-kadyan (7 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/salienture-salienture-cakephp-cors-plugin/health.svg)

```
[![Health](https://phpackages.com/badges/salienture-salienture-cakephp-cors-plugin/health.svg)](https://phpackages.com/packages/salienture-salienture-cakephp-cors-plugin)
```

###  Alternatives

[cakephp/bake

Bake plugin for CakePHP

11211.7M190](/packages/cakephp-bake)[dereuromark/cakephp-tools

A CakePHP plugin containing lots of useful and reusable tools

333972.2k49](/packages/dereuromark-cakephp-tools)[dereuromark/cakephp-queue

The Queue plugin for CakePHP provides deferred task execution.

308914.0k25](/packages/dereuromark-cakephp-queue)[dereuromark/cakephp-ide-helper

CakePHP IdeHelper Plugin to improve auto-completion

1882.3M40](/packages/dereuromark-cakephp-ide-helper)[mixerapi/mixerapi

Streamline development of API-first applications in CakePHP

4443.0k](/packages/mixerapi-mixerapi)[dereuromark/cakephp-tinyauth

A CakePHP plugin to handle user authentication and authorization the easy way.

131237.3k13](/packages/dereuromark-cakephp-tinyauth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)