pagemachine / cors
Cross Origin Resource Sharing for TYPO3 CMS.
Installs: 3 843
Dependents: 0
Suggesters: 0
Security: 0
Stars: 8
Watchers: 5
Forks: 2
Open Issues: 0
Type:typo3-cms-extension
Requires
- php: ^5.6 || ^7.0
- typo3/cms-core: ^6.2 || ^7.6 || ^8.7
- typo3/cms-frontend: ^6.2 || ^7.6 || ^8.7
Requires (Dev)
- jakub-onderka/php-console-highlighter: ^0.3.2
- jakub-onderka/php-parallel-lint: ^0.9.2
- nimut/testing-framework: ^1.1
- phpunit/phpunit: ^5.7
Replaces
- cors: 2.0.6
- typo3-ter/cors: 2.0.6
README
Cross Origin Resource Sharing for TYPO3
Installation
This extension is installable from various sources:
-
Via Composer:
composer require pagemachine/cors
-
From the TYPO3 Extension Repository
-
From Github
Configuration
All configuration options can be set via TypoScript setup in config.cors
or per page object in page.config.cors
. The following options are available:
Option | Type | Description |
---|---|---|
allowCredentials |
int/boolean | Processing of the credentials flag |
allowHeaders |
string | List of allowed headers (X-Foo, ...), simple headers are always allowed |
allowMethods |
string | List of allowed methods (PUT, DELETE, ...), simple methods are always allowed |
allowOrigin |
string | List of allowed origins |
allowOrigin.pattern |
string | Regular expression for matching origins, make sure to escape as necessary |
exposeHeaders |
string | List of headers exposed to clients |
maxAge |
int | Cache lifetime of preflight requests, watch out for browser limits |
Note that all options support stdWrap processing through their .stdWrap
property.
Examples
-
Origin wildcarding:
config.cors { allowOrigin = * }
-
Simple list of origins:
config.cors { allowOrigin = http://example.org, http://example.com // More readable version allowOrigin ( http://example.org, http://example.com ) }
-
Matching origins via regular expressions:
config.cors { allowOrigin.pattern = https?://example\.(org|com) }
-
Allow specific methods:
config.cors { allowMethods = GET, POST, PUT, DELETE }
-
Allow headers:
config.cors { allowHeaders = ( Content-Type, ... ) }
-
Allow
credential
flag processing:config.cors { // Set to 1/true to enable allowCredentials = 1 }
-
Expose headers:
config.cors { exposeHeaders ( X-My-Custom-Header, X-Another-Custom-Header ) }
-
Set maximum age of preflight request result:
config.cors { // 10 minutes maxAge = 600 }
-
Set maximum age via some
stdWrap
processing:config.cors { maxAge.stdWrap.cObject = TEXT maxAge.stdWrap.cObject { value = 600 } }
Issues
Found a bug? Need a feature? Let us know through our issue tracker.
Testing
All tests can be executed with the shipped Docker Compose definition:
docker-compose run --rm app composer build