ci4
1<?php
2
3namespace Config;4
5use CodeIgniter\Config\BaseConfig;6
7/**
8* Cross-Origin Resource Sharing (CORS) Configuration
9*
10* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
11*/
12class Cors extends BaseConfig13{
14/**15* The default CORS configuration.
16*
17* @var array{
18* allowedOrigins: list<string>,
19* allowedOriginsPatterns: list<string>,
20* supportsCredentials: bool,
21* allowedHeaders: list<string>,
22* exposedHeaders: list<string>,
23* allowedMethods: list<string>,
24* maxAge: int,
25* }
26*/
27public array $default = [28/**29* Origins for the `Access-Control-Allow-Origin` header.
30*
31* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
32*
33* E.g.:
34* - ['http://localhost:8080']
35* - ['https://www.example.com']
36*/
37'allowedOrigins' => [],38
39/**40* Origin regex patterns for the `Access-Control-Allow-Origin` header.
41*
42* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
43*
44* NOTE: A pattern specified here is part of a regular expression. It will
45* be actually `#\A<pattern>\z#`.
46*
47* E.g.:
48* - ['https://\w+\.example\.com']
49*/
50'allowedOriginsPatterns' => [],51
52/**53* Weather to send the `Access-Control-Allow-Credentials` header.
54*
55* The Access-Control-Allow-Credentials response header tells browsers whether
56* the server allows cross-origin HTTP requests to include credentials.
57*
58* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
59*/
60'supportsCredentials' => false,61
62/**63* Set headers to allow.
64*
65* The Access-Control-Allow-Headers response header is used in response to
66* a preflight request which includes the Access-Control-Request-Headers to
67* indicate which HTTP headers can be used during the actual request.
68*
69* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
70*/
71'allowedHeaders' => [],72
73/**74* Set headers to expose.
75*
76* The Access-Control-Expose-Headers response header allows a server to
77* indicate which response headers should be made available to scripts running
78* in the browser, in response to a cross-origin request.
79*
80* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
81*/
82'exposedHeaders' => [],83
84/**85* Set methods to allow.
86*
87* The Access-Control-Allow-Methods response header specifies one or more
88* methods allowed when accessing a resource in response to a preflight
89* request.
90*
91* E.g.:
92* - ['GET', 'POST', 'PUT', 'DELETE']
93*
94* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
95*/
96'allowedMethods' => [],97
98/**99* Set how many seconds the results of a preflight request can be cached.
100*
101* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
102*/
103'maxAge' => 7200,104];105}
106