PHP 클래스 yii\filters\Cors
Make sure to read carefully what CORS does and does not. CORS do not secure your API,
but allow the developer to grant access to third party code (ajax calls from external domain).
You may use CORS filter by attaching it as a behavior to a controller or module, like the following,
php
public function behaviors()
{
return [
'corsFilter' => [
'class' => \yii\filters\Cors::className(),
],
];
}
The CORS filter can be specialized to restrict parameters, like this,
MDN CORS Information
php
public function behaviors()
{
return [
'corsFilter' => [
'class' => \yii\filters\Cors::className(),
'cors' => [
restrict access to
'Origin' => ['http://www.myserver.com', 'https://www.myserver.com'],
'Access-Control-Request-Method' => ['POST', 'PUT'],
Allow only POST and PUT methods
'Access-Control-Request-Headers' => ['X-Wsse'],
Allow only headers 'X-Wsse'
'Access-Control-Allow-Credentials' => true,
Allow OPTIONS caching
'Access-Control-Max-Age' => 3600,
Allow the X-Pagination-Current-Page header to be exposed to the browser.
'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
],
],
];
}
For more information on how to add the CORS filter to a controller, see
the
Guide on REST controllers.
파일 보기
프로젝트 열기: yiisoft/yii2
1 사용 예제들
공개 프로퍼티들
프로퍼티 |
타입 |
설명 |
|
$actions |
|
define specific CORS rules for specific actions |
|
$cors |
|
Basic headers handled for the CORS requests. |
|
$request |
|
the current request. If not set, the request application component will be used. |
|
$response |
|
the response to be sent. If not set, the response application component will be used. |
|
공개 메소드들
보호된 메소드들
메소드 |
설명 |
|
headerize ( string $string ) : string |
Convert any string (including php headers with HTTP prefix) to header format like :
* X-PINGOTHER -> X-Pingother
* X_PINGOTHER -> X-Pingother |
|
headerizeToPhp ( string $string ) : string |
Convert any string (including php headers with HTTP prefix) to header format like :
* X-Pingother -> HTTP_X_PINGOTHER
* X PINGOTHER -> HTTP_X_PINGOTHER |
|
prepareAllowHeaders ( string $type, array $requestHeaders, array &$responseHeaders ) |
Handle classic CORS request to avoid duplicate code |
|
메소드 상세
overrideDefaultSettings()
공개 메소드
Override settings for specific action
프로퍼티 상세
define specific CORS rules for specific actions
Basic headers handled for the CORS requests.
the current request. If not set, the request application component will be used.
the response to be sent. If not set, the response application component will be used.