CORS or Cross-Origin Resource Sharing represents a mechanism that uses additional HTTP headers to grant a browser permission to access resources from a server at a different origin. It provides a secure way of sharing resources with different origins. Handling CORS in PHP however can be a bit tricky and have implications for security so it requires the correct expertise.
One method of solving headers CORS origin issue in PHP is by adding a header to the response that specifically allows the desired domain or all domains to make HTTP requests to your server.
To illustrate, consider the following simple scenario: you have an API developed that you want to access from a domain different from the one it is located. Obviously, our browser security flags it as a security risk and in such cases, you have to take control.
The following code snippet shows how to go on with this:
Handling CORS In PHP
Taking control of who accesses your resources involves setting up a few headers specifically to allow certain types of requests from certain origins. In PHP, these are set using the `header` function.
Pre-flight Requests
There are also cases where the browser sends a preflight request to the server to check if CORS is actually being enforced. This happens with requests with the ‘DELETE’, ‘PUT’, or ‘PATCH’ methods. The important bit to remember here is that the server has to respond to the preflight requests correctly and accept the actual request.
