cors() public method

This method allow multiple ways to setup the domains, see the examples ### Full URI cors($request, 'http://www.cakephp.org'); ### URI with wildcard cors($request, 'http://*.cakephp.org'); ### Ignoring the requested protocol cors($request, 'www.cakephp.org'); ### Any URI cors($request, '*'); ### Whitelist of URIs cors($request, ['http://www.cakephp.org', '*.google.com', 'https://myproject.github.io']); *Note* The $allowedDomains, $allowedMethods, $allowedHeaders parameters are deprecated. Instead the builder object should be used.
public cors ( Cake\Network\Request $request, string | array $allowedDomains = [], string | array $allowedMethods = [], string | array $allowedHeaders = [] ) : Cake\Network\CorsBuilder
$request Cake\Network\Request Request object
$allowedDomains string | array List of allowed domains, see method description for more details
$allowedMethods string | array List of HTTP verbs allowed
$allowedHeaders string | array List of HTTP headers allowed
return Cake\Network\CorsBuilder A builder object the provides a fluent interface for defining additional CORS headers.
Example #1
0
 /**
  * Test CORS
  *
  * @dataProvider corsData
  * @param Request $request
  * @param string $origin
  * @param string|array $domains
  * @param string|array $methods
  * @param string|array $headers
  * @param string|bool $expectedOrigin
  * @param string|bool $expectedMethods
  * @param string|bool $expectedHeaders
  * @return void
  */
 public function testCors($request, $origin, $domains, $methods, $headers, $expectedOrigin, $expectedMethods = false, $expectedHeaders = false)
 {
     $request->env('HTTP_ORIGIN', $origin);
     $response = new Response();
     $result = $response->cors($request, $domains, $methods, $headers);
     $this->assertInstanceOf('Cake\\Network\\CorsBuilder', $result);
     $headers = $response->header();
     if ($expectedOrigin) {
         $this->assertArrayHasKey('Access-Control-Allow-Origin', $headers);
         $this->assertEquals($expectedOrigin, $headers['Access-Control-Allow-Origin']);
     }
     if ($expectedMethods) {
         $this->assertArrayHasKey('Access-Control-Allow-Methods', $headers);
         $this->assertEquals($expectedMethods, $headers['Access-Control-Allow-Methods']);
     }
     if ($expectedHeaders) {
         $this->assertArrayHasKey('Access-Control-Allow-Headers', $headers);
         $this->assertEquals($expectedHeaders, $headers['Access-Control-Allow-Headers']);
     }
     unset($_SERVER['HTTP_ORIGIN']);
 }