splashlab/magento-2-cors-requests
Composer 安装命令:
composer require splashlab/magento-2-cors-requests
包简介
Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain
README 文档
README
This module allows you to enable Cross-Origin Resource Sharing (CORS) REST API requests in Magento 2 by adding the appropriate HTTP headers and handling the pre-flight OPTIONS requests.
This can be used to allow AJAX and other requests to the Magento 2 REST API from another domain (or subdomain).
How to install
1. via composer
Edit composer.json
{
"repositories": [
{
"type": "vcs",
"url": "https://github.com/splashlab/magento-2-cors-requests"
}
],
"require": {
"splashlab/magento-2-cors-requests": "dev-master"
}
}
composer install
php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy
2. Copy and paste
Download latest version from GitHub
Paste into app/code/SplashLab/CorsRequests directory
php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy
3. Update Origin URL
In Stores -> Configuration, go to General -> Web -> CORS Requests Configuration.
Then edit the the CORS Origin Url field to the domain you want to enable cross-domain requests from. (i.e. http://example.com)
How does it work?
The full implementation of CORS cross-domain HTTP requests is outside the scope of this README, but this is what this module does:
- Allows onfigureing an Origin Url in the Admin Configuration area - this is the domain which cross-domain requests are permitted from
- This domain is added to a
Access-Control-Allow-Originresponse HTTP header - Optionally you can enable the
Access-Control-Allow-Credentialsheader as well, to enable passing cookies
For non-GET and non-standard-POST requests (i.e. PUT and DELETE), the "pre-flight check" OPTIONS request is handled by:
- An empty
/V1/cors/checkAPI response with the appropriate headers: Access-Control-Allow-Methodsresponse header, which mirrors theAccess-Control-Request-Methodrequest headerAccess-Control-Allow-Headersresponse header, which mirrors theAccess-Control-Request-Headersrequest header
Alternative Solutions
You can also manage these CORS headers with Apache and Nginx rules, instead of using this extension:
- https://community.magento.com/t5/Magento-2-Feature-Requests-and/API-CORS-requests-will-fail-without-OPTIONS-reponse/idi-p/60551
- https://stackoverflow.com/questions/35174585/how-to-add-cors-cross-origin-policy-to-all-domains-in-nginx
But I created this extension to allow you to configure the Origin domain the Admin Configuration, and to avoid having to create and manage special server configuration.
CORS Cross-Domain Request References
- https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
- https://www.html5rocks.com/en/tutorials/cors/
- https://stackoverflow.com/questions/29954037/how-to-disable-options-request
- https://stackoverflow.com/questions/12320467/jquery-cors-content-type-options
- magento/magento2#8399
splashlab/magento-2-cors-requests 适用场景与选型建议
splashlab/magento-2-cors-requests 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 235.13k 次下载、GitHub Stars 达 70, 最近一次更新时间为 2018 年 09 月 11 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 splashlab/magento-2-cors-requests 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 splashlab/magento-2-cors-requests 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 235.13k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 70
- 点击次数: 23
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: OSL-3.0
- 更新时间: 2018-09-11