Luminova Framework

PHP Luminova: API Incoming Request Configurations

Last updated: 2024-08-28 21:30:17

In other to secure your API endpoint, set up the allowed origins and header to prevent unwanted access.

These properties serve as essential configuration and security measures for your application's APIs. They allow you to define the origins permitted to communicate with your API endpoints and specify the allowed headers.


  • Class namespace: \App\Config\Apis
  • File path: /app/Config/Apis.php
  • This class is marked as final and can't be subclassed

Properties

forbidEmptyOrigin

Indicates whether to forbid requests with empty Origin headers.If true, requests with empty Origin headers are forbidden.

public bool $forbidEmptyOrigin = true

allowCredentials

Set whether to allow credentials in API requests.If true, the Access-Control-Allow-Credentials header is included.

public bool $allowCredentials = true

allowOrigins

Set the allowed origins for the Access-Control-Allow-Origin header in API requests.An array of allowed origins or a wildcard * to allows all origins.

public array<int,string>|string $allowOrigins = [
    'https://localhost',
    'http://localhost',
    '127.0.0.1'
]

Note passing string null will result in allow all origins.


allowHeaders

Set the allowed headers for the Access-Control-Allow-Headers header in API requests.An array of allowed header names.

public array<int,string> $allowHeaders = [
    'Content-Type',
    'Access-Control-Allow-Headers',
    'Authorization',
    'X-Requested-With'
]