php cors header code example

Example 1: header cros orgin using php

<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");
...

Example 2: php access origin

<?php
 header("Access-Control-Allow-Origin: *");

Example 3: php cors

/**
 *  An example CORS-compliant method.  It will allow any GET, POST, or OPTIONS requests from any
 *  origin.
 *
 *  In a production environment, you probably want to be more restrictive, but this gives you
 *  the general idea of what is involved.  For the nitty-gritty low-down, read:
 *
 *  - https://developer.mozilla.org/en/HTTP_access_control
 *  - https://fetch.spec.whatwg.org/#http-cors-protocol
 *
 */
function cors() {
    
    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
        // you want to allow, and if so:
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }
    
    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
        
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            // may also be using PUT, PATCH, HEAD etc
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         
        
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    
        exit(0);
    }
    
    echo "You have CORS!";
}

Example 4: php strict-origin-when-cross-origin

header("Access-Control-Allow-Origin: *");

Example 5: php cors header multiple domains

//Function to be called first in php file.
function CORS_HEADERS_HANDLER(){
  if (isset($_SERVER['HTTP_ORIGIN'])){
    switch($_SERVER['HTTP_ORIGIN']){
        //Handle an IP address and Port
      case 'http://1.2.3.4:4200':
        header('Access-Control-Allow-Origin: http://1.2.3.4:4200');
        break;
        //Handle an Website Domain (using https)
      case 'https://www.someSite.com':
        header('Access-Control-Allow-Origin: https://www.someSite.com');
        break;
        //Handle an Website Domain (using http)
      case 'http://www.someSite.com':
        header('Access-Control-Allow-Origin: http://www.someSite.com');
        break;
        //Catch if someone's site is actually the reject being cheeky
      case 'https://not.you':
        header('Access-Control-Allow-Origin: https://nice.try');
        break;
        //Handle a rejection passing something that is not the request origin.
      default:
        header('Access-Control-Allow-Origin: https://not.you');
        break;
    }
  }else{
    header('Access-Control-Allow-Origin: https://not.you');
  }
  header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
  header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
  header('Access-Control-Allow-Credentials: true');
  header('Content-Type: application/json; charset=utf-8');
  header("Cache-Control: public,max-age=3600");
  //if its an options request you don't need to proceed past CORS request.
  if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    die();
  }
}

Tags:

Php Example

Recent Posts