php-cors icon indicating copy to clipboard operation
php-cors copied to clipboard
verified publisher icon fruitcake

Proposal: Dynamic Access-Control-Expose-Headers Support

Open yinheli opened this issue 1 year ago • 0 comments

Summary

This proposal aims to enhance the php-cors library by adding support for dynamic of the Access-Control-Expose-Headers header. Currently, this header is set globally, which limits flexibility in scenarios where different routes require different exposed headers.

Motivation

In complex applications, different routes often need to expose different custom headers. The current static, global configuration of Access-Control-Expose-Headers in php-cors doesn't provide the necessary flexibility for such cases. This proposal seeks to address this limitation by allowing developers to dynamically set exposed headers at the controller or middleware level.

Proposed Implementation

  1. Modify the CORS middleware to check for an Access-Control-Expose-Headers header in the response object.
  2. If present, merge this dynamically set header with the globally configured exposed headers.
  3. Use the combined list when setting the final Access-Control-Expose-Headers header in the CORS response.

yinheli avatar Sep 11 '24 08:09 yinheli