Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Freek Van der Herten:
Handling CORS in a Laravel application
Jan 08, 2018 @ 09:47:07

On his blog today Freek Van der Herten has a post introducing a new Laravel package designed to help make CORS implementation simpler in your application. CORS headers are, essentially, what allows clients (like browsers) to talk across domains in a configurable and enforceable fashion.

Recently we released laravel-cors. This package can add the necessary CORS headers of your Laravel app. In this post I'd like to give a quick explanation of what CORS is and how you can use the package.

The post starts by explaining a bit about CORS (Cross-Origin Resource Sharing) headers, what they're used for and simple examples of when they might be most useful. It then covers the package, showing how to pull it into your packages and adding it to the middleware configuration for loading on each request. There's also a more detailed configuration you can use to defined allowed and denied domains as well as the idea of "profiles" for different user levels.

tagged: cors laravel crossorigin resource header package introduction tutorial

Link: https://murze.be/handling-cors-in-a-laravel-application

Joshua Sampia:
CORS Slim PHP Setup
Nov 05, 2015 @ 10:38:47

In this post to his site Joshua Sampia shows how to set up and configure CORS in your Slim-based application. CORS or Cross-Origin Resource Sharing, lets you further lock down what sources can access your application and some requirements around the ones that can.

Ok, another PHP post but this time it’s about setting up some middleware for a slim PHP application.

Let me set this up. We are building a simple REST API for use with a basic phone native app (both Android and iOS). Me being new to this, I wasn’t sure if the native app domain call is considered cross browser or not, plus there are some outside companies we are working with who MAY access the API as well. [...] I setup some middleware by extending the Slim Middleware class and adding them via the app.

He talks about the steps he had to take in the middleware to set up an AccessControlOrigin middleware (and two others requiring HTTPS and HTTP Basic Auth). He includes the simple code to send the required HTTP headers to support CORS on the response object and the update to his Javascript to include credentials with every request.

tagged: cors slim framework security middleware https httpbasic authentication crossorigin

Link: http://joshuasampia.com/2015/11/05/cors-slim-php-setup/