Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel Cors
Assessments

Laravel Cors Laravel Package

spatie/laravel-cors

Adds configurable CORS support to Laravel/Lumen: sets CORS headers on responses, handles preflight requests, and lets you define allowed origins, methods, headers, and credentials via middleware and config. Abandoned since Laravel 7+ has native CORS support.

View on GitHub
Deep Wiki
Context7

Product Decisions This Supports

  • Legacy System Maintenance: Justification for adopting this package in Laravel 6 or below to avoid reinventing CORS middleware, reducing development time and technical debt.
  • API Security Compliance: Ensures adherence to CORS policies for cross-origin requests in older Laravel versions where native support is absent.
  • Cost Efficiency: Avoids licensing costs associated with proprietary alternatives, leveraging open-source (MIT license) for budget-conscious projects.
  • Roadmap Deprecation: Aligns with Laravel’s native CORS support (Laravel 7+) by documenting a clear migration path for future-proofing legacy systems.
  • Build vs. Buy: Favors "buy" (open-source) over custom development for low-risk, high-reward CORS implementation in constrained environments.

When to Consider This Package

  • Laravel Version: Only for Laravel 6 or below—native CORS support exists in Laravel 7+ (no need for this package).
  • Use Case Fit: Ideal for legacy APIs or microservices requiring CORS headers with minimal configuration (e.g., preflight support, customizable origins).
  • Avoid When:
    • Using Laravel 7+ (native middleware suffices).
    • Needing advanced CORS logic (e.g., dynamic origin validation, complex credentials handling)—consider custom middleware or frameworks like fruitcake/laravel-cors (active maintenance).
    • Requiring active development (this package is archived; no bug fixes or updates).
    • Building new projects—prioritize native Laravel features or modern alternatives.

How to Pitch It (Stakeholders)

For Executives: "This package resolves CORS compliance for our Laravel 6 API with zero licensing cost and minimal dev effort. By adopting it, we avoid reinventing the wheel, reduce security risks, and future-proof our migration to Laravel 7’s native CORS. A low-risk, high-impact fix for legacy systems."

For Engineering: "For Laravel 6 or below, spatie/laravel-cors provides a battle-tested, configurable CORS middleware (preflight support, custom origins) with zero maintenance overhead. It’s a drop-in solution—install, configure, and forget. Critical caveat: Only use this for legacy systems; Laravel 7+ has built-in CORS. For new projects, leverage native features or active alternatives like fruitcake/laravel-cors."

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport