Final Class Yiisoft\HttpMiddleware\CorsAllowAllMiddleware
| Inheritance | Yiisoft\HttpMiddleware\CorsAllowAllMiddleware |
|---|---|
| Implements | Psr\Http\Server\MiddlewareInterface |
Adds Cross-Origin Resource Sharing (CORS) headers allowing everything to the response.
Security notice. This middleware should not be used in production as-is unless you're absolutely certain it's safe for your context. Allowing all origins and credentials without restriction poses a serious security risk.
See also https://developer.mozilla.org/docs/Web/HTTP/Guides/CORS.
Public Methods
| Method | Description | Defined By |
|---|---|---|
| process() | Yiisoft\HttpMiddleware\CorsAllowAllMiddleware |
Method Details
| public \Psr\Http\Message\ResponseInterface process ( \Psr\Http\Message\ServerRequestInterface $request, \Psr\Http\Server\RequestHandlerInterface $handler ) | ||
| $request | \Psr\Http\Message\ServerRequestInterface | |
| $handler | \Psr\Http\Server\RequestHandlerInterface | |
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
$response = $handler->handle($request);
return $response
->withHeader('Allow', '*')
->withHeader('Vary', 'Origin')
->withHeader('Access-Control-Allow-Origin', '*')
->withHeader('Access-Control-Allow-Methods', 'GET,OPTIONS,HEAD,POST,PUT,PATCH,DELETE')
->withHeader('Access-Control-Allow-Headers', '*')
->withHeader('Access-Control-Expose-Headers', '*')
->withHeader('Access-Control-Allow-Credentials', 'true')
->withHeader('Access-Control-Max-Age', '86400');
}
Signup or Login in order to comment.