Getting Started

Getting up and running with Leaf PHP

Why Header Configuration?

Header configuaration helps us achieve so much ranging from responses to error codes and so much more, but for this guide, we'll be talking about Header config in relation to CORS. CORS usually creates a lot of problems for developers, and this is as a result of poor header config. So, let's get started.

You can test your CORS Support here: http://www.test-cors.org/
You can read the specification here: https://www.w3.org/TR/cors/

Access-Control-Allow-Origin

When an app/site(siteX) tries to fetch content from your Leaf app, you can send an Access-Control-Allow-Origin response header to tell the browser that the content of this page is accessible to certain origins. (An origin is a domain, plus a scheme and port number.) By default, your Leaf app's content isn't available to any other origin; using the Access-Control-Allow-Origin header opens a door for cross-origin access by specific requesting origins. You can authorize siteX by adding Access-Control-Allow-Origin: siteX or you can allow all origins by adding Access-Control-Allow-Origin: *.

Access-Control-Allow-Headers

The Access-Control-Allow-Headers header is used in response to a preflight request to indicate which HTTP headers can be used when making the actual request.

Access-Control-Allow-Methods

The Access-Control-Allow-Methods header specifies the method or methods allowed when accessing the resource. This is used in response to a preflight request. The conditions under which a request is preflighted are discussed above.