
Joshua Sampia:
CORS Slim PHP Setup
Nov 05, 2015 @ 10:38:47

In this post to his site, Joshua Sampia shows how to set up and configure CORS in your Slim-based application. CORS, or Cross-Origin Resource Sharing, lets you control which origins can access your application and set requirements for the ones that can.

Ok, another PHP post but this time it’s about setting up some middleware for a slim PHP application.

Let me set this up. We are building a simple REST API for use with a basic phone native app (both Android and iOS). Me being new to this, I wasn’t sure if the native app domain call is considered cross browser or not, plus there are some outside companies we are working with who MAY access the API as well. [...] I set up some middleware by extending the Slim Middleware class and adding them via the app.

He talks about the steps he had to take to set up an AccessControlOrigin middleware (and two others requiring HTTPS and HTTP Basic Auth). He includes the simple code to send the required HTTP headers to support CORS on the response object and the update to his JavaScript to include credentials with every request.

tagged: cors slim framework security middleware https httpbasic authentication crossorigin

Link: http://joshuasampia.com/2015/11/05/cors-slim-php-setup/

David Müller:
Cross Domain AJAX Guide
Dec 10, 2012 @ 12:17:39

In his latest post, David Müller covers some of the things to consider when working with cross-domain AJAX requests, including CORS and iframes.

As it is widely known, AJAX Requests are only possible if port, protocol and domain of sender and receiver are equal. [...] Having this cleared out, we will cover ways around this restriction.

He covers three main approaches to allowing these cross-domain requests (and some of the security implications that can come with them):

  • CORS (Cross Origin Resource Sharing)
  • JSONP (JavaScript with a local domain callback)
  • Iframes

He also briefly mentions things like window.postMessage (HTML5) and the use of a backend script to proxy a request into your application's local code.

tagged: crossdomain ajax cors iframe jsonp tutorial introduction