0% found this document useful (0 votes)
83 views3 pages

Cors

CORS allows servers to specify approved origins for cross-origin resource sharing, preventing errors when accessing resources from other domains. Browsers make preflight requests to check the server's CORS policy before fulfilling actual cross-origin requests. Modern browsers use CORS to securely enable cross-origin data transfers and APIs like XMLHttpRequest between browsers and servers.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
83 views3 pages

Cors

CORS allows servers to specify approved origins for cross-origin resource sharing, preventing errors when accessing resources from other domains. Browsers make preflight requests to check the server's CORS policy before fulfilling actual cross-origin requests. Modern browsers use CORS to securely enable cross-origin data transfers and APIs like XMLHttpRequest between browsers and servers.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

CORS - Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to
indicate any origins (domain, scheme, or port) other than its own from which a browser should permit
loading resources. CORS also relies on a mechanism by which browsers make a "preflight" request to the
server hosting the cross-origin resource, in order to check that the server will permit the actual request. In
that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in
the actual request.

The CORS mechanism supports secure cross-origin requests and data transfers between browsers and servers.
Modern browsers use CORS in APIs such as XMLHttpRequest or Fetch to mitigate the risks of cross-origin HTTP
requests.

Prepared by: Christian I. Cabrera


Enabling CORS in CodeIgniter 4^
Open your terminal and navigate to project directory. Key this command
composer require myth/auth

php spark make:filter CorsMiddleware

it will make CorsMiddleware.php file under the App\Filters directory

Add the following code under the before function.


header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token');
return $request;

Then navigate to App\Config\Filters.php and add your new CORS middleware to the `$aliases` and `globals` array

public $aliases = [
'cors' => \App\Filters\CorsMiddleware::class,
];

public $globals = [
'before' => [
'cors', // Add 'cors' to apply CORS middleware globally
],
// ...
];

Prepared by: Christian I. Cabrera


Or simply navigate to public\index.php and add the following codes:
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-
Control-Request-Method");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
$method = $_SERVER['REQUEST_METHOD'];
if($method == "OPTIONS") {
die();
}

CI4 is all set. You can now access your ci4 as your backend

Prepared by: Christian I. Cabrera

You might also like