christoph-kluge/reactphp-http-cors-middleware
Composer 安装命令:
composer require christoph-kluge/reactphp-http-cors-middleware
包简介
A cors middleware for the ReactPHP HTTP-Server
README 文档
README
This middleware implements Cross-origin resource sharing for ReactPHP. This repository got mainly inspired by tuupola/cors-middleware. Additional configuration ideas got taken from barryvdh/laravel-cors and nelmio/NelmioCorsBundle. The internal heavy lifting is done by neomerx/cors-psr7 library.
Install
To install via Composer, use the command below, it will automatically detect the latest version and bind it with ^.
composer require christoph-kluge/reactphp-http-cors-middleware
This middleware will detect CORS requests and will intercept the request if there is something invalid.
Usage
$server = new HttpServer( new CorsMiddleware(), function (ServerRequestInterface $request, callable $next) { return new Response(200, ['Content-Type' => 'text/html'], 'We test CORS'); }, );
Configuration
The defaults for this middleware are mainly taken from enable-cors.org.
Available configuration options
Thanks to expressjs/cors#configuring-cors. As I took most configuration descriptions from there.
server_url: can be used to set enable strictHostheader checks to avoid malicious use of our server. (default:null)response_code: can be used to set the HTTP-StatusCode on a successfulOPTIONS/ Pre-Flight-Request (default:204)allow_credentials: Configures theAccess-Control-Allow-CredentialsCORS header. Expects an boolean (ex:true// to set the header)allow_origin: Configures theAccess-Control-Allow-OriginCORS header. Expects an array (ex:['http://example.net', 'https://example.net']).allow_origin_callback: Will setallow_originto an empty array[]and use the callback on a per-request base. The first parameter is an instance ofParsedUrlInterfaceand the callback is expected to return anboolean.allow_methods: Configures theAccess-Control-Allow-MethodsCORS header. Expects an array (ex:['GET', 'PUT', 'POST']).allow_headers: Configures theAccess-Control-Allow-HeadersCORS header. Expects an array (ex:['Content-Type', 'Authorization']).expose_headers: Configures theAccess-Control-Expose-HeadersCORS header. Expects an array (ex:['Content-Range', 'X-Content-Range']).max_age: Configures theAccess-Control-Max-AgeCORS header. Expects an integer representing seconds (ex:1728000// 20 days)
Default Settings (Allow All CORS Requests)
$settings = [ 'allow_credentials' => true, 'allow_origin' => ['*'], 'allow_methods' => ['GET', 'POST', 'PUT', 'DELETE', 'HEAD', 'OPTIONS'], 'allow_headers' => ['DNT','X-Custom-Header','Keep-Alive','User-Agent','X-Requested-With','If-Modified-Since','Cache-Control','Content-Type','Content-Range','Range'], 'expose_headers' => ['DNT','X-Custom-Header','Keep-Alive','User-Agent','X-Requested-With','If-Modified-Since','Cache-Control','Content-Type','Content-Range','Range'], 'max_age' => 60 * 60 * 24 * 20, // preflight request is valid for 20 days ];
Allow specific origins (Origin requires scheme, host and optionally port)
$server = new HttpServer( new CorsMiddleware([ 'allow_origin' => [ 'http://www.example.net', 'https://www.example.net', 'http://www.example.net:8443', ], ]) );
Allow origins on a per-request base (callback)
$server = new HttpServer( new CorsMiddleware([ 'allow_origin' => [], 'allow_origin_callback' => function(ParsedUrlInterface $origin) { // do some evaluation magic with origin .. return true; }, ]) );
Use custom response code on pre-flight requests
Some legacy browsers choke on 204. Thanks to expressjs/cors#configuring-cors for that.
$server = new HttpServer( new CorsMiddleware([ 'response_code' => 200, ]) );
Use strict host checking
The default handling of this middleware will allow any "Host"-header. This means that you can use your server with any hostname you want. This might be a desired behavior but allows also the misuse of your server.
To prevent such a behavior there is a server_url option which will enable strict host checking. In this scenario
the server will return a 403 with the body Origin not allowed.
$server = new HttpServer( new CorsMiddleware([ 'server_url' => 'http://api.example.net:8080' ]) );
License
The MIT License (MIT)
Copyright (c) 2017 Christoph Kluge
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
christoph-kluge/reactphp-http-cors-middleware 适用场景与选型建议
christoph-kluge/reactphp-http-cors-middleware 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 10.83k 次下载、GitHub Stars 达 10, 最近一次更新时间为 2017 年 10 月 04 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 christoph-kluge/reactphp-http-cors-middleware 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 christoph-kluge/reactphp-http-cors-middleware 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 10.83k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 11
- 点击次数: 14
- 依赖项目数: 3
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2017-10-04