SyntaxStudy
Sign Up
PHP CORS in PHP APIs
Previous Next
PHP Intermediate 3 min read

CORS in PHP APIs

CORS

CORS headers allow browsers to make cross-origin requests to your API. In Laravel, configure the built-in CORS middleware.

Example 
// config/cors.php (Laravel)
return [
    "paths"       => ["api/*"],
    "allowed_methods" => ["*"],
    "allowed_origins" => ["https://app.example.com"],
    "allowed_headers" => ["*"],
    "exposed_headers" => ["X-RateLimit-Remaining"],
    "max_age"         => 600,
    "supports_credentials" => true,
];
// Plain PHP manual headers
header("Access-Control-Allow-Origin: https://app.example.com");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
PHP
Full Editor
Pro Tip

Never set Access-Control-Allow-Origin: * on authenticated APIs — it defeats CORS protection.

Related Resources

PHP Reference
Complete tag & property list
PHP How-To Guides
Step-by-step practical guides
PHP Exercises
Practice what you've learned

More in PHP

PHP Introduction PHP Variables PHP Arrays PHP Functions PHP Strings PHP Dates
Previous
API Response Caching
Next
API Documentation with OpenAPI