PHP Classes

File: cfg/cfg.2.cors.php

File: cfg/cfg.2.cors.php
Role: Auxiliary script
Content type: text/plain
Description: Auxiliary script
Class: PHP REST API Server
REST API server handling requests with callbacks
Author: By
Last change:
Date: 4 years ago
Size: 6,485 bytes
 

Contents

<?php
   
/**
     * restServer, a PSR HTTP Message rest server implementation
     *
     * This file is a part of restServer.
     *
     * Copyright 2018 Kjell-Inge Gustafsson, kigkonsult, All rights reserved
     * Link http://kigkonsult.se/restServer/index.php
     * Version 0.9.123
     * License Subject matter of licence is the software restServer.
     * The above copyright, link, package and version notices and
     * this licence notice shall be included in all copies or
     * substantial portions of the restServer.
     * restServer can be used either under the terms of
     * a proprietary license, available at <https://kigkonsult.se/>
     * or the GNU Affero General Public License, version 3:
     * restServer is free software: you can redistribute it and/or
     * modify it under the terms of the GNU Affero General Public License
     * as published by the Free Software Foundation, either version 3 of
     * the License, or (at your option) any later version.
     * restServer is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
     * GNU Affero General Public License for more details.
     * You should have received a copy of the GNU Affero General Public
     * License along with this program.
     * If not, see <http://www.gnu.org/licenses/>.
     */

namespace Kigkonsult\RestServer;

use
Kigkonsult\RestServer\Handlers\CorsHandler;

   
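/**
 * Configuration for the builtin CorsHandler
 *
 * CorsHandler provides simple CORS (Cross-Origin Resource Sharing),
 * but on server level, NOT on each specific request target level.
 * The handler is optional.
 *
 * @author Kjell-Inge Gustafsson <ical@kigkonsult.se>
 *
 * @see https://www.html5rocks.com/static/images/cors_server_flowchart.png
 *
 * Note, Request-Method OPTIONS must be allowed to manage preflight requests
 * (see cfg.RestServer.php, disallow)
 * Note, NO $config[CorsHandler::CORS] means no CORS management
 *
 * Response header Access-Control-Allow-Methods will contain
 * - all attached service methods
 * - NON-disallowed methods (ex HEAD/OPTIONS)
 *
 * NOTE, most config keys here have only test values set,
 * include this file ONLY after updating them!!
 *
 * SECURITY, CORS only tells browsers which cross-origin pages may read
 * a response. It is not authentication or authorization; non-browser
 * clients ignore it, so every service must still check the caller itself.
 *
 * ex
 * $config[CorsHandler::CORS] = include 'cfg/cfg.2.cors.php';
 */
$corsCfg = [];

/**
 * Ignore origin header
 *
 * value type : bool
 * default false (or not set)
 *
 * NOTE(review): true is a test value. The exact effect is decided in
 * CorsHandler (not visible in this file); presumably an unexpected or
 * unmatched Origin is then tolerated instead of rejected - confirm
 * before deploying, and prefer the default (false) in production.
 */
$corsCfg[RestServer::IGNORE] = true;

/**
 * Default for (opt) logging
 * response status 4xx results in logging with prio warning
 * response status 500 results in logging with prio error
 */

/**
 * statusCode for response if origin is expected but not found,
 *
 * value type : int|array
 * default 400, 'Bad request', set only here if other !!
 * For security monitoring, you can raise the logging prio to error
 * using value type array : [ 401, RestServer::ERROR ]
 */
$corsCfg[CorsHandler::ERRORCODE1] = 400;

/**
 * statusCode for response
 * if origin is not expected but found and not ignored
 *
 * value type : int|array
 * default 403, 'Forbidden', set only here if other !!
 * For security monitoring, you can raise the logging prio to error
 * using value type array : [ 403, RestServer::ERROR ]
 */
$corsCfg[CorsHandler::ERRORCODE2] = 403;

/**
 * statusCode for response
 * if origin is found but NO match,
 *
 * value type : int|array
 * default 403, 'Forbidden', set only here if other !!
 * For security monitoring, you can raise the logging prio to error
 * using value type array : [ 403, RestServer::ERROR ]
 * (rejected origins are worth alerting on when the allow list is explicit)
 */
$corsCfg[CorsHandler::ERRORCODE3] = 403;

/**
 * statusCode for response
 * if contents in request header Access-Control-Request-Method,
 * is NOT accepted by rest services definitions (method)
 *
 * value type : int
 * default 406, 'Not Acceptable', set only here if other !!
 */
$corsCfg[CorsHandler::ERRORCODE4] = 406;

/**
 * statusCode for response
 * if contents in request header Access-Control-Request-Headers
 * is NOT in Access-Control-Allow-Headers, below
 *
 * value type : int
 * default 406, 'Not Acceptable', set only here if other !!
 */
$corsCfg[CorsHandler::ERRORCODE5] = 406;

/**
 * Will match request header 'Origin' value
 * Cfg contains accepted origins, (uri-scheme), uri-host, (uri-port)
 * ['*'] accepts all
 *
 * value type : string[]
 * Accepted request header 'Origin' value will be used in response
 *
 * SECURITY, because the accepted Origin is used in the response, ['*']
 * means every requesting origin is echoed back. Keep ['*'] only for
 * public resources served without cookies or other ambient credentials;
 * otherwise list the trusted origins explicitly,
 * ex (constructed value) ['https://app.example.com']
 * NOTE(review): a response whose Allow-Origin value depends on the request
 * should also carry 'Vary: Origin' so shared caches keep origins apart -
 * confirm that CorsHandler sends it.
 */
$corsCfg[RestServer::ALLOW] = ['*'];

/**
 * allowed (non-simple) headers
 *
 * value type : string[]
 * optional
 * Checked against preflight request header Access-Control-Request-Headers
 * Used in (preflight request) response header Access-Control-Allow-Headers
 * ('x-header' is a test value, list only headers the services really read)
 */
$corsCfg[CorsHandler::ACCESSCONTROLALLOWHEADERS] = ['x-header'];

/**
 * Max age
 *
 * value type : int (seconds, as defined for Access-Control-Max-Age)
 * in preflight request response only
 * optional
 * Used in response header Access-Control-Max-Age
 */
$corsCfg[CorsHandler::ACCESSCONTROLMAXAGE] = 200;

/**
 * headers to expose (in the NON-preflight response)
 *
 * value type : null|string[]
 * optional, see also Access-Control-Allow-Headers above
 * Used in response header Access-Control-Expose-Headers
 * Note, empty value will result in an empty response header
 * (exposed headers become readable by the calling page's script,
 * so do not expose headers that carry tokens or internal details)
 */
$corsCfg[CorsHandler::ACCESSCONTROLEXPOSEHEADERS] = ['x-header'];

/**
 * Allow credentials
 *
 * value type : bool
 * true : cookies are allowed, response header is sent
 * false : (or missing), cookies are not allowed, no response header
 * optional
 * Used in response header Access-Control-Allow-Credentials
 *
 * SECURITY, kept false in this template because RestServer::ALLOW above
 * is ['*'] and the accepted Origin is used in the response: echoing any
 * origin together with Access-Control-Allow-Credentials: true would let
 * a page on any site read responses to requests that carry the user's
 * cookies. Set true ONLY together with an explicit list of trusted
 * origins in RestServer::ALLOW.
 */
$corsCfg[CorsHandler::ACCESSCONTROLALLOWCREDENTIALS] = false;

/** ***************************************************************************
 * Add to main config
 * <code>
 * $config[CorsHandler::CORS] = include 'cfg/cfg.2.cors.php';
 * </code>
 */
return $corsCfg;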