I recently needed to add\u00a0Access-Control-Allow-Origin<\/span>\u00a0headers to resources on an API developed with CakePHP.\u00a0There’s a\u00a0good description of how to accomplish this from ThinkingMedia in 2015<\/a>, but it uses DispatcherFilters, which have since been\u00a0deprecated in favour of Middleware<\/a>.<\/p>\n The $request<\/span>\u00a0 and $response<\/span>\u00a0objects available to middleware have different interfaces than those retrieved from the event data in the dispatch filter, but the logic is essentially the same:<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" I recently needed to add\u00a0Access-Control-Allow-Origin\u00a0headers to resources on an API developed with CakePHP.\u00a0There’s a\u00a0good description of how to accomplish this from ThinkingMedia in 2015, but it uses DispatcherFilters, which have since been\u00a0deprecated in favour of Middleware. The $request\u00a0 and $response\u00a0objects available to middleware have different interfaces than those retrieved from the event data in the … [Read more…]<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[2],"_links":{"self":[{"href":"https:\/\/www.munderwood.ca\/index.php\/wp-json\/wp\/v2\/posts\/168"}],"collection":[{"href":"https:\/\/www.munderwood.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.munderwood.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.munderwood.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.munderwood.ca\/index.php\/wp-json\/wp\/v2\/comments?post=168"}],"version-history":[{"count":5,"href":"https:\/\/www.munderwood.ca\/index.php\/wp-json\/wp\/v2\/posts\/168\/revisions"}],"predecessor-version":[{"id":173,"href":"https:\/\/www.munderwood.ca\/index.php\/wp-json\/wp\/v2\/posts\/168\/revisions\/173"}],"wp:attachment":[{"href":"https:\/\/www.munderwood.ca\/index.php\/wp-json\/wp\/v2\/media?parent=168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.munderwood.ca\/index.php\/wp-json\/wp\/v2\/categories?post=168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.munderwood.ca\/index.php\/wp-json\/wp\/v2\/tags?post=168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
<?php\r\n\r\nnamespace App\\Middleware;\r\n\r\nclass HttpOptionsMiddleware\r\n{\r\n public function __invoke($request, $response, $next)\r\n {\r\n $response = $response->withHeader('Access-Control-Allow-Origin', '*');\r\n\r\n if ($request->getMethod() == 'OPTIONS')\r\n {\r\n $method = $request->getHeader('Access-Control-Request-Method');\r\n $headers = $request->getHeader('Access-Control-Request-Headers');\r\n $allowed = empty($method) ? 'GET, POST, PUT, DELETE' : $method;\r\n\r\n $response = $response\r\n ->withHeader('Access-Control-Allow-Headers', $headers)\r\n ->withHeader('Access-Control-Allow-Methods', $allowed)\r\n ->withHeader('Access-Control-Allow-Credentials', 'true')\r\n ->withHeader('Access-Control-Max-Age', '86400');\r\n\r\n return $response;\r\n }\r\n\r\n return $next($request, $response);\r\n }\r\n}<\/pre>\n