Cross Origin Resource Sharing for TYPO3
This extension is installable from various sources:
-
Via Composer:
composer require pagemachine/cors -
From the TYPO3 Extension Repository
-
From Github
All configuration options can be set via TypoScript setup in config.cors or per page object in page.config.cors. The following options are available:
| Option | Type | Description |
|---|---|---|
allowCredentials |
int/boolean | Processing of the credentials flag |
allowHeaders |
string | List of allowed headers (X-Foo, ...), simple headers are always allowed |
allowMethods |
string | List of allowed methods (PUT, DELETE, ...), simple methods are always allowed |
allowOrigin |
string | List of allowed origins |
allowOrigin.pattern |
string | Regular expression for matching origins, make sure to escape as necessary |
exposeHeaders |
string | List of headers exposed to clients |
maxAge |
int | Cache lifetime of preflight requests, watch out for browser limits |
Note that all options support stdWrap processing through their .stdWrap property.
-
Origin wildcarding:
config.cors { allowOrigin = * } -
Simple list of origins:
config.cors { allowOrigin = http://example.org, http://example.com // More readable version allowOrigin ( http://example.org, http://example.com ) } -
Matching origins via regular expressions:
config.cors { allowOrigin.pattern = https?://example\.(org|com) } -
Allow specific methods:
config.cors { allowMethods = GET, POST, PUT, DELETE } -
Allow headers:
config.cors { allowHeaders = ( Content-Type, ... ) } -
Allow
credentialflag processing:config.cors { // Set to 1/true to enable allowCredentials = 1 } -
Expose headers:
config.cors { exposeHeaders ( X-My-Custom-Header, X-Another-Custom-Header ) } -
Set maximum age of preflight request result:
config.cors { // 10 minutes maxAge = 600 } -
Set maximum age via some
stdWrapprocessing:config.cors { maxAge.stdWrap.cObject = TEXT maxAge.stdWrap.cObject { value = 600 } }
Found a bug? Need a feature? Let us know through our issue tracker.