# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1684414308 -7200
# Node ID 5108f63e762bceccfa5ef9c9157ffe9647f3e2a4
# Parent  30e2722c9fa3ce7c321f9947ae3d47828860d487
mod_http_oauth2: Allow CORS for browser clients

Needed for web clients to reach i.e. the token endpoint.

diff -r 30e2722c9fa3 -r 5108f63e762b mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 14:47:54 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 14:51:48 2023 +0200
@@ -1025,6 +1025,7 @@
 
 module:depends("http");
 module:provides("http", {
+	cors = { enabled = true; credentials = true };
 	route = {
 		-- OAuth 2.0 in 5 simple steps!
 		-- This is the normal 'authorization_code' flow.
@@ -1089,6 +1090,7 @@
 module:provides("http", {
 	name = "oauth2-discovery";
 	default_path = "/.well-known/oauth-authorization-server";
+	cors = { enabled = true };
 	route = {
 		["GET"] = {
 			headers = { content_type = "application/json" };