mirror of
				https://github.com/pelican-dev/panel.git
				synced 2025-10-25 12:26:52 +02:00 
			
		
		
		
	
		
			
				
	
	
		
			58 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
			
		
		
	
	
			58 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
| <?php
 | |
| 
 | |
| return [
 | |
|     /*
 | |
|     |--------------------------------------------------------------------------
 | |
|     | Cross-Origin Resource Sharing (CORS) Configuration
 | |
|     |--------------------------------------------------------------------------
 | |
|     |
 | |
|     | Here you may configure your settings for cross-origin resource sharing
 | |
|     | or "CORS". This determines what cross-origin operations may execute
 | |
|     | in web browsers. You are free to adjust these settings as needed.
 | |
|     |
 | |
|     | To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
 | |
|     |
 | |
|     */
 | |
| 
 | |
|     /*
 | |
|      * You can enable CORS for 1 or multiple paths.
 | |
|      * Example: ['api/*']
 | |
|      */
 | |
|     'paths' => ['/api/client', '/api/application', '/api/client/*', '/api/application/*'],
 | |
| 
 | |
|     /*
 | |
|      * Matches the request method. `['*']` allows all methods.
 | |
|      */
 | |
|     'allowed_methods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD'],
 | |
| 
 | |
|     /*
 | |
|      * Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com`
 | |
|      */
 | |
|     'allowed_origins' => explode(',', env('APP_CORS_ALLOWED_ORIGINS') ?? ''),
 | |
| 
 | |
|     /*
 | |
|      * Patterns that can be used with `preg_match` to match the origin.
 | |
|      */
 | |
|     'allowed_origins_patterns' => [],
 | |
| 
 | |
|     /*
 | |
|      * Sets the Access-Control-Allow-Headers response header. `['*']` allows all headers.
 | |
|      */
 | |
|     'allowed_headers' => ['*'],
 | |
| 
 | |
|     /*
 | |
|      * Sets the Access-Control-Expose-Headers response header with these headers.
 | |
|      */
 | |
|     'exposed_headers' => [],
 | |
| 
 | |
|     /*
 | |
|      * Sets the Access-Control-Max-Age response header when > 0.
 | |
|      */
 | |
|     'max_age' => 0,
 | |
| 
 | |
|     /*
 | |
|      * Sets the Access-Control-Allow-Credentials header.
 | |
|      */
 | |
|     'supports_credentials' => true,
 | |
| ];
 | 
