PHPackages struggle-for-php/sfp-cors-middleware - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. struggle-for-php/sfp-cors-middleware ActiveLibrary[HTTP & Networking](/categories/http) struggle-for-php/sfp-cors-middleware ==================================== PSR-7 CORS Middleware 0.15.0(8y ago)091MITPHPPHP ^7.1 Since Apr 25Pushed 8y ago1 watchersCompare [ Source](https://github.com/struggle-for-php/sfp-cors-middleware)[ Packagist](https://packagist.org/packages/struggle-for-php/sfp-cors-middleware)[ Docs](https://github.com/struggle-for-php/sfp-cors-middleware)[ RSS](/packages/struggle-for-php-sfp-cors-middleware/feed)WikiDiscussions master Synced today READMEChangelog (1)Dependencies (5)Versions (5)Used By (0) PSR-7 CORS Middleware ===================== [](#psr-7-cors-middleware) This middleware implements [Cross-origin resource sharing](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing). It was originally developed for Slim but can be used with all frameworks using PSR-7 style middlewares. It has been tested with [Slim Framework](http://www.slimframework.com/) and [Zend Expressive](https://zendframework.github.io/zend-expressive/). Internally the middleware uses [neomerx/cors-psr7](https://github.com/neomerx/cors-psr7) library for heavy lifting. [![Latest Version](https://camo.githubusercontent.com/8b0d2eef00abeffb2456407f3a8b3fd8ad6f7b16b315a6867c98adfd6635e584/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f747575706f6c612f636f72732d6d6964646c65776172652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tuupola/cors-middleware)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE.md)[![Build Status](https://camo.githubusercontent.com/8dfe23f0448dc360cc679f0686ef72e7d7c75f528420cabda9dc8a1ace8e6636/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f747575706f6c612f636f72732d6d6964646c65776172652f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/tuupola/cors-middleware)[![HHVM Status](https://camo.githubusercontent.com/7a62ee6d5e3d73817d3845091485c89db9880d2ec4f39962ba49fce0179260de/68747470733a2f2f696d672e736869656c64732e696f2f6868766d2f747575706f6c612f636f72732d6d6964646c65776172652e7376673f7374796c653d666c61742d737175617265)](http://hhvm.h4cc.de/package/tuupola/cors-middleware)[![Coverage](https://camo.githubusercontent.com/6cbae02496aa82f38e6a3854747bdc16a3b1ba0cbdd4d4220f9dcaba0ccce328/687474703a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f747575706f6c612f636f72732d6d6964646c65776172652e7376673f7374796c653d666c61742d737175617265)](https://codecov.io/github/tuupola/cors-middleware) Install ------- [](#install) Install using [composer](https://getcomposer.org/). ``` $ composer require tuupola/cors-middleware ``` Usage ----- [](#usage) Documentation assumes you have working knowledge of CORS. There are no mandatory parameters. If called without any parameters the following defaults are used. Examples assume you are using Slim Framework. ``` $app = new \Slim\App(); $app->add(new \Tuupola\Middleware\Cors([ "origin" => ["*"], "methods" => ["GET", "POST", "PUT", "PATCH", "DELETE"], "headers.allow" => [], "headers.expose" => [], "credentials" => false, "cache" => 0, ])); ``` ``` $ curl "https://api.example.com/" \ --request OPTIONS \ --include --header "Access-Control-Request-Method: PUT" \ --header "Origin: http://www.example.com" HTTP/1.1 200 OK Access-Control-Allow-Origin: http://www.example.com Vary: Origin Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE ``` However, you most likely want to change some of the defaults. For example if developing a REST API which supports caching and conditional requests you could use the following. ``` $app = new \Slim\App(); $app->add(new \Tuupola\Middleware\Cors([ "origin" => ["*"], "methods" => ["GET", "POST", "PUT", "PATCH", "DELETE"], "headers.allow" => ["Authorization", "If-Match", "If-Unmodified-Since"], "headers.expose" => ["Etag"], "credentials" => true, "cache" => 86400 ])); ``` ``` $ curl "https://api.example.com/foo" \ --request OPTIONS \ --include \ --header "Origin: http://www.example.com" \ --header "Access-Control-Request-Method: PUT" \ --header "Access-Control-Request-Headers: Authorization, If-Match" HTTP/1.1 200 OK Access-Control-Allow-Origin: http://www.example.com Access-Control-Allow-Credentials: true Vary: Origin Access-Control-Max-Age: 86400 Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE Access-Control-Allow-Headers: authorization, if-match, if-unmodified-since ``` ``` $ curl "https://api.example.com/foo" \ --request PUT \ --include \ --header "Origin: http://www.example.com" HTTP/1.1 200 OK Access-Control-Allow-Origin: http://www.example.com Access-Control-Allow-Credentials: true Vary: Origin Access-Control-Expose-Headers: Etag ``` Other parameters ---------------- [](#other-parameters) ### Logger [](#logger) The optional `logger` parameter allows you to pass in a PSR-3 compatible logger to help with debugging or other application logging needs. ``` $app = new \Slim\App(); $logger = \Monolog\Logger("slim"); $rotating = new RotatingFileHandler(__DIR__ . "/logs/slim.log", 0, Logger::DEBUG); $logger->pushHandler($rotating); $app->add(new \Tuupola\Middleware\Cors([ "logger" => $logger, ])); ``` ### Error [](#error) Error is called when CORS request fails. It receives last error message in arguments. This can be used for example to create `application/json` responses when CORS request fails. ``` $app = new \Slim\App(); $app->add(new \Tuupola\Middleware\Cors([ "methods" => ["GET", "POST", "PUT"], "error" => function ($request, $response, $arguments) { $data["status"] = "error"; $data["message"] = $arguments["message"]; return $response ->withHeader("Content-Type", "application/json") ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT)); } ])); ``` ``` $ curl https://api.example.com/foo \ --request OPTIONS \ --include \ --header "Access-Control-Request-Method: PATCH" \ --header "Origin: http://www.example.com" HTTP/1.1 401 Unauthorized Content-Type: application/json Content-Length: 83 { "status": "error", "message": "CORS requested method is not supported." } ``` Testing ------- [](#testing) You can run tests either manually... ``` $ vendor/bin/phpunit $ vendor/bin/phpcs --standard=PSR2 src/ -p ``` ... or automatically on every code change. ``` $ npm install $ grunt watch ``` Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. Security -------- [](#security) If you discover any security related issues, please email instead of using the issue tracker. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 23 — LowBetter than 27% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity5 Limited adoption so far Community10 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 84.4% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~151 days Total 4 Last Release 3214d ago PHP version history (4 changes)0.5.0PHP >=5.4.0 0.5.1PHP >=5.5.0 0.5.2PHP ^5.5 || ^7.0 0.15.0PHP ^7.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/4eed2726ad1fce689a99672d965d8b4a387f030f08290e00708b66e4621139d2?d=identicon)[sasezaki](/maintainers/sasezaki) --- Top Contributors [![tuupola](https://avatars.githubusercontent.com/u/21913?v=4)](https://github.com/tuupola "tuupola (38 commits)")[![sasezaki](https://avatars.githubusercontent.com/u/42755?v=4)](https://github.com/sasezaki "sasezaki (7 commits)") --- Tags middlewarecors ### Code Quality TestsPHPUnit Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/struggle-for-php-sfp-cors-middleware/health.svg) ``` [![Health](https://phpackages.com/badges/struggle-for-php-sfp-cors-middleware/health.svg)](https://phpackages.com/packages/struggle-for-php-sfp-cors-middleware) ``` ### Alternatives [league/uri URI manipulation library 1.1k206.4M277](/packages/league-uri)[tuupola/cors-middleware PSR-7 and PSR-15 CORS middleware 1331.8M24](/packages/tuupola-cors-middleware)[middlewares/cors Middleware to implement Cross-Origin Resource Sharing (CORS) 1372.2k3](/packages/middlewares-cors)[neomerx/cors-illuminate CORS (Cross-Origin Resource Sharing) support for Laravel and Lumen 4996.4k2](/packages/neomerx-cors-illuminate)[bairwell/middleware-cors A PSR-7 middleware layer for providing CORS (Cross Origin Request Security) headers and security provisions. Instead of just allowing invalid CORs requests to come through, this middleware actively blocks them after validating. 1920.9k1](/packages/bairwell-middleware-cors) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)