splashlab/magento-2-cors-requests

Release 100.0.7

Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain

Homepage Packagist PHP

Licenses
OSL-3.0/AFL-3.0

Documentation

Magento 2 CORS Cross-Domain Requests by SplashLab

This module allows you to enable Cross-Origin Resource Sharing (CORS) REST API requests in Magento 2 by adding the appropriate HTTP headers and handling the pre-flight OPTIONS requests.

This can be used to allow AJAX and other requests to the Magento 2 REST API from another domain (or subdomain).

How to install

1. via composer

Edit composer.json

{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/splashlab/magento-2-cors-requests"
        }
    ],
    "require": {
        "splashlab/magento-2-cors-requests": "dev-master"
    }
}

composer install
php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy

2. Copy and paste

Download latest version from GitHub

Paste into app/code/SplashLab/CorsRequests directory

php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy

3. Update Origin URL

In Stores -> Configuration, go to General -> Web -> CORS Requests Configuration.

Then edit the the CORS Origin Url field to the domain you want to enable cross-domain requests from. (i.e. http://example.com)

How does it work?

The full implementation of CORS cross-domain HTTP requests is outside the scope of this README, but this is what this module does:

  1. Allows onfigureing an Origin Url in the Admin Configuration area - this is the domain which cross-domain requests are permitted from
  2. This domain is added to a Access-Control-Allow-Origin response HTTP header
  3. Optionally you can enable the Access-Control-Allow-Credentials header as well, to enable passing cookies

For non-GET and non-standard-POST requests (i.e. PUT and DELETE), the "pre-flight check" OPTIONS request is handled by:

  1. An empty /V1/cors/check API response with the appropriate headers:
  2. Access-Control-Allow-Methods response header, which mirrors the Access-Control-Request-Method request header
  3. Access-Control-Allow-Headers response header, which mirrors the Access-Control-Request-Headers request header

Alternative Solutions

You can also manage these CORS headers with Apache and Nginx rules, instead of using this extension:

But I created this extension to allow you to configure the Origin domain the Admin Configuration, and to avoid having to create and manage special server configuration.

CORS Cross-Domain Request References

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
5
Latest release
First release
Stars
60
Forks
22
Watchers
10
Contributors
7
Repository size
29.3 KB
SourceRank
12

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

100.0.7
100.0.6
100.0.4
100.0.3
100.0.2

Contributors

Evan Gihovani Filipp Pereira Demétrio Lieven Pouwelse sebastian-ehrling rodde177 Irene Iaccio Seth Daugherty


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2022-10-18 06:00:05 UTC

Login to resync this project