Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
n/a
0 / 0
n/a
0 / 0
 CRAP
n/a
0 / 0
Cors
n/a
0 / 0
n/a
0 / 0
 0
n/a
0 / 0
1<?php
2
3namespace Config;
4
5use CodeIgniter\Config\BaseConfig;
6
7/**
8 * Cross-Origin Resource Sharing (CORS) Configuration
9 *
10 * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
11 */
12class Cors extends BaseConfig
13{
14    /**
15     * The default CORS configuration.
16     *
17     * @var array{
18     *      allowedOrigins: list<string>,
19     *      allowedOriginsPatterns: list<string>,
20     *      supportsCredentials: bool,
21     *      allowedHeaders: list<string>,
22     *      exposedHeaders: list<string>,
23     *      allowedMethods: list<string>,
24     *      maxAge: int,
25     *  }
26     */
27    public array $default = [
28        /**
29         * Origins for the `Access-Control-Allow-Origin` header.
30         *
31         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
32         *
33         * E.g.:
34         *   - ['http://localhost:8080']
35         *   - ['https://www.example.com']
36         */
37        'allowedOrigins' => [],
38
39        /**
40         * Origin regex patterns for the `Access-Control-Allow-Origin` header.
41         *
42         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
43         *
44         * NOTE: A pattern specified here is part of a regular expression. It will
45         *       be actually `#\A<pattern>\z#`.
46         *
47         * E.g.:
48         *   - ['https://\w+\.example\.com']
49         */
50        'allowedOriginsPatterns' => [],
51
52        /**
53         * Weather to send the `Access-Control-Allow-Credentials` header.
54         *
55         * The Access-Control-Allow-Credentials response header tells browsers whether
56         * the server allows cross-origin HTTP requests to include credentials.
57         *
58         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
59         */
60        'supportsCredentials' => false,
61
62        /**
63         * Set headers to allow.
64         *
65         * The Access-Control-Allow-Headers response header is used in response to
66         * a preflight request which includes the Access-Control-Request-Headers to
67         * indicate which HTTP headers can be used during the actual request.
68         *
69         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
70         */
71        'allowedHeaders' => [],
72
73        /**
74         * Set headers to expose.
75         *
76         * The Access-Control-Expose-Headers response header allows a server to
77         * indicate which response headers should be made available to scripts running
78         * in the browser, in response to a cross-origin request.
79         *
80         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
81         */
82        'exposedHeaders' => [],
83
84        /**
85         * Set methods to allow.
86         *
87         * The Access-Control-Allow-Methods response header specifies one or more
88         * methods allowed when accessing a resource in response to a preflight
89         * request.
90         *
91         * E.g.:
92         *   - ['GET', 'POST', 'PUT', 'DELETE']
93         *
94         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
95         */
96        'allowedMethods' => [],
97
98        /**
99         * Set how many seconds the results of a preflight request can be cached.
100         *
101         * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age
102         */
103        'maxAge' => 7200,
104    ];
105}