Laravel SPA cors - PHP (1)

📌 相关文章

📜 Laravel SPA cors - PHP (1)

📅 最后修改于: 2023-12-03 15:17:12.997000 🧑 作者: Mango

Laravel SPA CORS - PHP

Introduction

Laravel SPA CORS (Cross-Origin Resource Sharing) is a package that allows you to configure CORS settings for your Laravel Single Page Application (SPA). CORS is a security feature implemented in web browsers that allows sites to limit which external sites can access their resources.

By default, Laravel does not enable CORS for security reasons. However, if your SPA needs to access resources from a different domain, you will need to enable CORS. Laravel SPA CORS provides an easy way to configure CORS settings for your Laravel SPA.

Installation

You can install Laravel SPA CORS via Composer. First, add the package to your composer.json file:

"require": {
    "fruitcake/laravel-cors": "^2.0"
}

Then, run the following command to install the package:

composer update

Next, add the following service provider to your config/app.php file:

Fruitcake\Cors\CorsServiceProvider::class,

Finally, publish the configuration file by running the following command:

php artisan vendor:publish --provider="Fruitcake\Cors\CorsServiceProvider"

Configuration

After installing the package, you can configure CORS settings in the config/cors.php file. Here are some of the basic configuration options:

'paths' => ['api/*'], // The URI path(s) to which the CORS filter should apply
'allowed_methods' => ['*'], // The HTTP method(s) allowed for CORS requests
'allowed_origins' => ['*'], // The domain(s) allowed to make CORS requests
'allowed_origins_patterns' => [], // Regular expression(s) that match the domain(s) allowed to make CORS requests
'allowed_headers' => ['*'], // The HTTP header(s) allowed for CORS requests
'exposed_headers' => false, // The HTTP header(s) that can be exposed to the browser
'max_age' => 0, // The maximum number of seconds the browser should cache the CORS response
'supports_credentials' => false, // Whether or not cookies should be allowed for CORS requests

You can also define different settings for different URI paths. For example:

'paths' => [
    'api/*' => [
        'allowed_origins' => ['http://example.com'],
        'allowed_methods' => ['GET', 'POST'],
    ],
    'auth/*' => [
        'allowed_origins' => ['*'],
        'allowed_methods' => ['POST'],
        'supports_credentials' => true,
    ],
],

This configuration would allow CORS requests from http://example.com to any endpoint under /api/, and would also allow CORS requests to any authentication-related endpoints with cookies enabled.

Usage

Once you have configured your CORS settings, you can use them in your Laravel controller by adding the Cors middleware to the route.

For example:

Route::middleware('cors')->get('/api/products', function () {
    // Your logic here...
});

This would enable CORS for the /api/products endpoint.

Conclusion

Laravel SPA CORS is a useful package for enabling CORS settings in your Laravel SPA. Configuring it is easy and straightforward, and it can prevent security issues with unauthorized access to your application's resources.