corsMethods = $corsMethods; $this->corsAllowedHeaders = $corsAllowedHeaders; $this->corsMaxAge = $corsMaxAge; } /** * This method implements a preflighted cors response for you that you can * link to for the options request * * @NoAdminRequired * @NoCSRFRequired * @PublicPage * @since 7.0.0 */ #[NoCSRFRequired] #[PublicPage] public function preflightedCors() { if (isset($this->request->server['HTTP_ORIGIN'])) { $origin = $this->request->server['HTTP_ORIGIN']; } else { $origin = '*'; } $response = new Response(); $response->addHeader('Access-Control-Allow-Origin', $origin); $response->addHeader('Access-Control-Allow-Methods', $this->corsMethods); $response->addHeader('Access-Control-Max-Age', (string)$this->corsMaxAge); $response->addHeader('Access-Control-Allow-Headers', $this->corsAllowedHeaders); $response->addHeader('Access-Control-Allow-Credentials', 'false'); return $response; } }