/** * Add the CORS headers to the response. * * @return void */ public function addCorsHeaders() { if (isset($this->_corsConfig['origin'])) { Utils::header("Access-Control-Allow-Origin: " . $this->_corsConfig['origin']); } else { Utils::header("Access-Control-Allow-Origin: '*'"); } if (isset($this->_corsConfig['allowCredentials'])) { Utils::header("Access-Control-Allow-Credentials: " . $this->_corsConfig['allowCredentials']); } else { Utils::header('Access-Control-Allow-Credentials: true'); } if (isset($this->_corsConfig['maxAge'])) { Utils::header("Access-Control-Max-Age: " . $this->_corsConfig['maxAge']); } else { Utils::header('Access-Control-Max-Age: 86400'); // cache for 1 day } // Access-Control headers are sent during OPTIONS requests if ($this->_requestMethod == 'OPTIONS') { if (isset($this->_corsConfig['methods'])) { Utils::header("Access-Control-Allow-Methods: " . $this->_corsConfig['methods']); } else { Utils::header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS'); } if (isset($this->_corsConfig['allowHeaders'])) { Utils::header("Access-Control-Allow-Headers: " . $this->_corsConfig['allowHeaders']); } else { Utils::header('Access-Control-Allow-Headers: X-Requested-With'); } } }