Proposal: Dynamic Access-Control-Expose-Headers Support #29
Description
Summary
This proposal aims to enhance the php-cors library by adding support for dynamic of the Access-Control-Expose-Headers header. Currently, this header is set globally, which limits flexibility in scenarios where different routes require different exposed headers.
Motivation
In complex applications, different routes often need to expose different custom headers. The current static, global configuration of Access-Control-Expose-Headers in php-cors doesn't provide the necessary flexibility for such cases. This proposal seeks to address this limitation by allowing developers to dynamically set exposed headers at the controller or middleware level.
Proposed Implementation
- Modify the CORS middleware to check for an Access-Control-Expose-Headers header in the response object.
- If present, merge this dynamically set header with the globally configured exposed headers.
- Use the combined list when setting the final Access-Control-Expose-Headers header in the CORS response.