christoph-kluge/reactphp-http-cors-middleware 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

christoph-kluge/reactphp-http-cors-middleware

Composer 安装命令:

composer require christoph-kluge/reactphp-http-cors-middleware

包简介

A cors middleware for the ReactPHP HTTP-Server

README 文档

README

This middleware implements Cross-origin resource sharing for ReactPHP. This repository got mainly inspired by tuupola/cors-middleware. Additional configuration ideas got taken from barryvdh/laravel-cors and nelmio/NelmioCorsBundle. The internal heavy lifting is done by neomerx/cors-psr7 library.

Build Status Total Downloads License

Install

To install via Composer, use the command below, it will automatically detect the latest version and bind it with ^.

composer require christoph-kluge/reactphp-http-cors-middleware

This middleware will detect CORS requests and will intercept the request if there is something invalid.

Usage

$server = new HttpServer(
    new CorsMiddleware(),
    function (ServerRequestInterface $request, callable $next) {
        return new Response(200, ['Content-Type' => 'text/html'], 'We test CORS');
    },
);

Configuration

The defaults for this middleware are mainly taken from enable-cors.org.

Available configuration options

Thanks to expressjs/cors#configuring-cors. As I took most configuration descriptions from there.

  • server_url: can be used to set enable strict Host header checks to avoid malicious use of our server. (default: null)
  • response_code: can be used to set the HTTP-StatusCode on a successful OPTIONS / Pre-Flight-Request (default: 204)
  • allow_credentials: Configures the Access-Control-Allow-Credentials CORS header. Expects an boolean (ex: true // to set the header)
  • allow_origin: Configures the Access-Control-Allow-Origin CORS header. Expects an array (ex: ['http://example.net', 'https://example.net']).
  • allow_origin_callback: Will set allow_origin to an empty array [] and use the callback on a per-request base. The first parameter is an instance of ParsedUrlInterface and the callback is expected to return an boolean.
  • allow_methods: Configures the Access-Control-Allow-Methods CORS header. Expects an array (ex: ['GET', 'PUT', 'POST']).
  • allow_headers: Configures the Access-Control-Allow-Headers CORS header. Expects an array (ex: ['Content-Type', 'Authorization']).
  • expose_headers: Configures the Access-Control-Expose-Headers CORS header. Expects an array (ex: ['Content-Range', 'X-Content-Range']).
  • max_age: Configures the Access-Control-Max-Age CORS header. Expects an integer representing seconds (ex: 1728000 // 20 days)

Default Settings (Allow All CORS Requests)

$settings = [
    'allow_credentials' => true,
    'allow_origin'      => ['*'],
    'allow_methods'     => ['GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'OPTIONS'],
    'allow_headers'     => ['DNT','X-Custom-Header','Keep-Alive','User-Agent','X-Requested-With','If-Modified-Since','Cache-Control','Content-Type','Content-Range','Range'],
    'expose_headers'    => ['DNT','X-Custom-Header','Keep-Alive','User-Agent','X-Requested-With','If-Modified-Since','Cache-Control','Content-Type','Content-Range','Range'],
    'max_age'           => 60 * 60 * 24 * 20, // preflight request is valid for 20 days
];

Allow specific origins (Origin requires scheme, host and optionally port)

$server = new HttpServer(
    new CorsMiddleware([
        'allow_origin' => [
            'http://www.example.net',
            'https://www.example.net',
            'http://www.example.net:8443',
        ],
    ])
);

Allow origins on a per-request base (callback)

$server = new HttpServer(
    new CorsMiddleware([
        'allow_origin'          => [],
        'allow_origin_callback' => function(ParsedUrlInterface $origin) {
            // do some evaluation magic with origin ..
            return true;
        },
    ])
);

Use custom response code on pre-flight requests

Some legacy browsers choke on 204. Thanks to expressjs/cors#configuring-cors for that.

$server = new HttpServer(
    new CorsMiddleware([
        'response_code' => 200,
    ])
);

Use strict host checking

The default handling of this middleware will allow any "Host"-header. This means that you can use your server with any hostname you want. This might be a desired behavior but allows also the misuse of your server.

To prevent such a behavior there is a server_url option which will enable strict host checking. In this scenario the server will return a 403 with the body Origin not allowed.

$server = new HttpServer(
    new CorsMiddleware([
        'server_url' => 'http://api.example.net:8080'
    ])
);

License

The MIT License (MIT)

Copyright (c) 2017 Christoph Kluge

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

christoph-kluge/reactphp-http-cors-middleware 适用场景与选型建议

christoph-kluge/reactphp-http-cors-middleware 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 10.83k 次下载、GitHub Stars 达 10, 最近一次更新时间为 2017 年 10 月 04 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 christoph-kluge/reactphp-http-cors-middleware 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 christoph-kluge/reactphp-http-cors-middleware 我们能提供哪些服务?
定制开发 / 二次开发

基于 christoph-kluge/reactphp-http-cors-middleware 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 10.83k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 11
  • 点击次数: 14
  • 依赖项目数: 3
  • 推荐数: 0

GitHub 信息

  • Stars: 10
  • Watchers: 3
  • Forks: 5
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2017-10-04