MainelyDesign.com Blog

CORS Middleware in Cakephp 3

Posted on 10/11/2016 at 09:44 pm by Kevin Wentworth
Viewed 1,589 times | 0 comments

I didn't end up needing this (yet) but wanted to post here for future reference.  This is CorsMiddleware for CakePHP 3:

  1. // Plugin\src\Middleware\CorsMiddleware.php
  2.  
  3. namespace Plugin\Middleware;
  4.  
  5. class CorsMiddleware
  6. {
  7.     public function __invoke($request, $response, $next)
  8.     {
  9.         // Calling $next() delegates control to the *next* middleware
  10.         // In your application's queue.
  11.         $response = $next($request, $response);
  12.  
  13.         // When modifying the response, you should do it
  14.         // *after* calling next.
  15.        
  16.         // Allow from any origin
  17.         if (isset($_SERVER['HTTP_ORIGIN'])) {
  18.             $response = $response->withHeader('Access-Control-Allow-Origin', $_SERVER['HTTP_ORIGIN'])     // or '*'
  19.                 ->withHeader('Access-Control-Allow-Credentials', 'true')
  20.                 //->withHeader('Access-Control-Max-Age', '0');    // no cache
  21.                 ->withHeader('Access-Control-Max-Age', '86400');    // cache for 1 day
  22.        
  23.        
  24.             // Access-Control headers are received during OPTIONS requests
  25.             if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
  26.            
  27.                 if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
  28.                     $response = $response->withHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, DELETE');
  29.                 }
  30.                    
  31.            
  32.                 if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
  33.                     $response = $response->withHeader('Access-Control-Allow-Headers', $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']);
  34.                 }
  35.                
  36.                 $response = $response->withoutHeader('Location');
  37.                 $response = $response->withStatus(200);
  38.                
  39.             }
  40.         }
  41.        
  42.         return $response;
  43.     }
  44. }

And make sure you put this in your plugin bootstrap file.  (If you don't have a plugin you can just add middleware to your App/Application.php file)

  1. // Plugin\config\bootstrap.php or App\src\Application.php
  2.  
  3. use Plugin\Middleware\CorsMiddleware;
  4.  
  5. EventManager::instance()->on(
  6.         'Server.buildMiddleware',
  7.         function ($event, $middleware) {
  8.             $middleware->add(new CorsMiddleware());
  9.         });

I started with the code I found here.  Please note that this implementation is wide-open and doesn't limit the origin(s) in any way.

Cheers,

-Kevin Wentworth

Bookmark and Share

Tags for CORS Middleware in Cakephp 3

Cakephp | Cake3 | Web Programming | Javascript | Example

Comments for this Posting

No comments. Be the first to post a reply.

Sorry, comments are closed for this posting.

Please Email Kevin if you have any questions. Thanks!

Meet Site Avenger - Hosted Content Management System

Powered By: Site Avenger | Site Production: Saco Design