CORS Configuration

Learn how to configure Cross-Origin Resource Sharing (CORS) in Sockeon.

Overview

CORS is handled automatically by the framework based on the configuration in ServerConfig. No middleware or manual handling is required.

Basic Configuration

Using Constructor with Array

use Sockeon\Sockeon\Config\ServerConfig;
use Sockeon\Sockeon\Config\CorsConfig;
use Sockeon\Sockeon\Connection\Server;

// Create CORS configuration
$corsConfig = new CorsConfig([
    'allowed_origins' => ['https://example.com', 'https://app.example.com'],
    'allowed_methods' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
    'allowed_headers' => ['Content-Type', 'Authorization', 'X-Requested-With'],
    'allow_credentials' => true,
    'max_age' => 86400 // 24 hours
]);

// Create server configuration with CORS
$config = new ServerConfig();
$config->setCorsConfig($corsConfig);

// Create server with CORS configuration
$server = new Server($config);
$server->run();

Using Setters

use Sockeon\Sockeon\Config\CorsConfig;

$corsConfig = new CorsConfig();
$corsConfig->setAllowedOrigins(['https://example.com', 'https://app.example.com']);
$corsConfig->setAllowedMethods(['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']);
$corsConfig->setAllowedHeaders(['Content-Type', 'Authorization', 'X-Requested-With']);
$corsConfig->setAllowCredentials(true);
$corsConfig->setMaxAge(86400);

$config->setCorsConfig($corsConfig);

Via ServerConfig Constructor

use Sockeon\Sockeon\Config\ServerConfig;

$config = new ServerConfig([
    'host' => '0.0.0.0',
    'port' => 6001,
    'cors' => [
        'allowed_origins' => ['https://example.com', 'https://app.example.com'],
        'allowed_methods' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
        'allowed_headers' => ['Content-Type', 'Authorization', 'X-Requested-With'],
        'allow_credentials' => true,
        'max_age' => 86400
    ]
]);

Configuration Options

Allowed Origins

use Sockeon\Sockeon\Config\CorsConfig;

// Allow all origins (not recommended for production)
$corsConfig = new CorsConfig([
    'allowed_origins' => ['*']
]);

// Allow specific origins
$corsConfig = new CorsConfig([
    'allowed_origins' => [
        'https://example.com',
        'https://app.example.com'
    ]
]);

// Or using setters
$corsConfig = new CorsConfig();
$corsConfig->setAllowedOrigins(['https://example.com', 'https://app.example.com']);

// Check if an origin is allowed
if ($corsConfig->isOriginAllowed('https://example.com')) {
    // Origin is allowed
}

HTTP Methods

$corsConfig = new CorsConfig([
    'allowed_methods' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']
]);

// Or using setter
$corsConfig->setAllowedMethods(['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS']);

// Get allowed methods
$methods = $corsConfig->getAllowedMethods();

Headers

$corsConfig = new CorsConfig([
    'allowed_headers' => [
        'Content-Type',
        'Authorization',
        'X-Requested-With'
    ]
]);

// Or using setter
$corsConfig->setAllowedHeaders([
    'Content-Type',
    'Authorization',
    'X-Requested-With'
]);

// Get allowed headers
$headers = $corsConfig->getAllowedHeaders();

Credentials and Caching

$corsConfig = new CorsConfig([
    'allow_credentials' => true,
    'max_age' => 86400 // 24 hours
]);

// Or using setters
$corsConfig->setAllowCredentials(true);
$corsConfig->setMaxAge(86400);

// Check if credentials are allowed
if ($corsConfig->isCredentialsAllowed()) {
    // Credentials are allowed
}

// Get max age
$maxAge = $corsConfig->getMaxAge();