Search
My Cart

creatuity / magento-2-cors-requests

creatuity/magento-2-cors-requests

Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain

magento2-module Compatibility: 2.4.7-2.4.9 Code Quality: Fail Tests: N/A Security: Pass OSL-3.0, AFL-3.0

Magento 2 CORS Cross-Domain Requests

Forked from splashlab/magento-2-cors-requests:
https://github.com/splashlab/magento-2-cors-requests

This module allows you to enable Cross-Origin Resource Sharing (CORS) REST API requests in Magento 2 by adding the appropriate HTTP headers and handling the pre-flight OPTIONS requests.

This can be used to allow AJAX and other requests to the Magento 2 REST API from another domain (or subdomain).

How to install

1. via composer

Edit composer.json

{
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/creatuity/magento-2-cors-requests.git"
        }
    ],
    "require": {
        "creatuity/magento-2-cors-requests": "dev-master"
    }
}

composer install
php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy

2. Copy and paste

Download latest version from GitHub

Paste into app/code/Creatuity/CorsRequests directory

php bin/magento setup:upgrade
php bin/magento setup:static-content:deploy

3. Update Origin URL

In Stores -> Configuration, go to General -> Web -> CORS Requests Configuration.

Then edit the CORS Origin Url field to the domain you want to enable cross-domain requests from. (i.e. http://example.com)

How does it work?

The full implementation of CORS cross-domain HTTP requests is outside the scope of this README, but this is what this module does:

  1. Allows configuring an Origin Url in the Admin Configuration area - this is the domain which cross-domain requests are permitted from
  2. This domain is added to a Access-Control-Allow-Origin response HTTP header
  3. Optionally you can enable the Access-Control-Allow-Credentials header as well, to enable passing cookies

For non-GET and non-standard-POST requests (i.e. PUT and DELETE), the "pre-flight check" OPTIONS request is handled by:

  1. An empty /V1/cors/check API response with the appropriate headers:
  2. Access-Control-Allow-Methods response header, which mirrors the Access-Control-Request-Method request header
  3. Access-Control-Allow-Headers response header, which mirrors the Access-Control-Request-Headers request header

No changelog yet

The vendor hasn't published a changelog. Tagged releases appear in the Versions tab.

Versions
Version Stability QA Status Compatibility Released
1.0.0 stable Fail Magento 2.4.7-2.4.9 Details 2023-06-12 11:22:23

Requires 2

Package Constraint
php ^8.1
magento/framework *

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 Pass Pass
2.4.8 Pass Pass
2.4.9 Pass Pass

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool Status Findings Summary
PHPCS Warning 33 33 warnings (ruleset: Magento2) — 28 auto-fixable with phpcbf
PHPMD Warning 1 1 rule violation (IfStatementAssignment:1)
Cpd Pass 0
Composer validate Info 2 valid; 2 advisory notes (composer validate --strict)

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.

PHPStan results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 4 4
2.4.8 4 4
2.4.9 4 4

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Integration tests

Integration tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool Status Findings Summary
Composer audit Pass 0
Malware scan Pass 0
License
OSL-3.0, AFL-3.0
Homepage
https://github.com/creatuity/magento-2-cors-requests

More from creatuity

View vendor
creatuity/magento2-openai-content-generator Free
magento2-module
v0.0.3 2yr ago
0
creatuity/magento2-order-status-adjust Free
magento2-module

Adjust Order Status to specific one if Criteria are met

v1.1.0 2yr ago
0
Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.

List your module