This method allow multiple ways to setup the domains, see the examples
### Full URI
cors($request, 'http://www.cakephp.org');
### URI with wildcard
cors($request, 'http://*.cakephp.org');
### Ignoring the requested protocol
cors($request, 'www.cakephp.org');
### Any URI
cors($request, '*');
### Whitelist of URIs
cors($request, ['http://www.cakephp.org', '*.google.com', 'https://myproject.github.io']);
*Note* The $allowedDomains, $allowedMethods, $allowedHeaders parameters are deprecated.
Instead the builder object should be used.
public cors ( Cake\Network\Request $request, string | array $allowedDomains = [], string | array $allowedMethods = [], string | array $allowedHeaders = [] ) : Cake\Network\CorsBuilder | ||
$request | Cake\Network\Request | Request object |
$allowedDomains | string | array | List of allowed domains, see method description for more details |
$allowedMethods | string | array | List of HTTP verbs allowed |
$allowedHeaders | string | array | List of HTTP headers allowed |
Résultat | Cake\Network\CorsBuilder | A builder object the provides a fluent interface for defining additional CORS headers. |
/** * Test CORS * * @dataProvider corsData * @param Request $request * @param string $origin * @param string|array $domains * @param string|array $methods * @param string|array $headers * @param string|bool $expectedOrigin * @param string|bool $expectedMethods * @param string|bool $expectedHeaders * @return void */ public function testCors($request, $origin, $domains, $methods, $headers, $expectedOrigin, $expectedMethods = false, $expectedHeaders = false) { $request->env('HTTP_ORIGIN', $origin); $response = new Response(); $result = $response->cors($request, $domains, $methods, $headers); $this->assertInstanceOf('Cake\\Network\\CorsBuilder', $result); $headers = $response->header(); if ($expectedOrigin) { $this->assertArrayHasKey('Access-Control-Allow-Origin', $headers); $this->assertEquals($expectedOrigin, $headers['Access-Control-Allow-Origin']); } if ($expectedMethods) { $this->assertArrayHasKey('Access-Control-Allow-Methods', $headers); $this->assertEquals($expectedMethods, $headers['Access-Control-Allow-Methods']); } if ($expectedHeaders) { $this->assertArrayHasKey('Access-Control-Allow-Headers', $headers); $this->assertEquals($expectedHeaders, $headers['Access-Control-Allow-Headers']); } unset($_SERVER['HTTP_ORIGIN']); }