
Rob Allen:
Implementing CORS in Zend Expressive
Nov 15, 2017 @ 09:20:13

In a new post to his site Rob Allen shows you how to implement CORS in a Zend Expressive application through the use of a simple middleware wrapper that sends the appropriate headers.

On a recent project, I needed to implement CORS support for my Expressive API. The easiest way to do this is to use Mike Tuupola's PSR-7 CORS Middleware.

As this is a standard Slim-Style PSR-7 middleware implementation, we need to wrap it for Expressive, so we make a factory. [...] We then register this in our AppConfigProvider::getDependencies() by adding to the factories key.

He includes the code and configuration changes required to make it all work, along with example output (with headers) from a curl request to the API. There is also a section on returning JSON error responses with ProblemDetails when a request runs into issues with the current CORS policy definition.

tagged: cors tutorial zendexpressive middleware json error problemdetails

Link: https://akrabat.com/implementing-tuupola-cors-in-expressive/

Joshua Sampia:
CORS Slim PHP Setup
Nov 05, 2015 @ 10:38:47

In this post to his site, Joshua Sampia shows how to set up and configure CORS in your Slim-based application. CORS, or Cross-Origin Resource Sharing, lets you control which origins can access your application and set some requirements around the ones that can.

Ok, another PHP post but this time it’s about setting up some middleware for a slim PHP application.

Let me set this up. We are building a simple REST API for use with a basic phone native app (both Android and iOS). Me being new to this, I wasn’t sure if the native app domain call is considered cross browser or not, plus there are some outside companies we are working with who MAY access the API as well. [...] I set up some middleware by extending the Slim Middleware class and adding them via the app.

He walks through the steps he took to set up an AccessControlOrigin middleware (and two others requiring HTTPS and HTTP Basic Auth). He includes the simple code that sends the required CORS headers on the response object and the update to his JavaScript to include credentials with every request.

tagged: cors slim framework security middleware https httpbasic authentication crossorigin

Link: http://joshuasampia.com/2015/11/05/cors-slim-php-setup/

David Müller:
Cross Domain AJAX Guide
Dec 10, 2012 @ 12:17:39

In his latest post, David Müller covers some of the things to consider when working with cross-domain AJAX requests, including CORS and iframes.

As it is widely known, AJAX Requests are only possible if port, protocol and domain of sender and receiver are equal. [...] Having this cleared out, we will cover ways around this restriction.

He covers three main approaches to allowing these cross-domain requests (and some of the security implications that can come with them):

  • CORS (Cross Origin Resource Sharing)
  • JSONP (JavaScript with a local domain callback)
  • Iframes

He also briefly mentions things like window.postMessage (HTML5) and the use of a backend script to proxy a request into your application's local code.

tagged: crossdomain ajax cors iframe jsonp tutorial introduction