Comparison

plugins/mod_http.lua @ 10258:4ff2f14f9ac7

mod_http: Add support for configuring CORS Access-Control-Allow-Credentials
author Matthew Wild <mwild1@gmail.com>
date Wed, 11 Sep 2019 15:10:31 +0100
parent 9852:6ea3cafb6ac3
child 10315:d4c538a7d655
10256:b2e7b07f8b74 10258:4ff2f14f9ac7
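--- a/plugins/mod_http.lua
+++ b/plugins/mod_http.lua
@@ -24,10 +24,11 @@
 server.set_option("buffer_size_limit", module:get_option_number("http_max_buffer_size"));
 
 -- CORS settigs
 local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" });
 local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" });
+local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false);
 local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60);
 
 local function get_http_event(host, app_path, key)
 local method, path = key:match("^(%S+)%s+(.+)$");
 if not method then -- No path specified, default to "" (base path)
@@ -87,15 +88,18 @@
 end
 module:log("warn", "No http ports enabled, can't generate an external URL");
 return "http://disabled.invalid/";
 end
 
-local function apply_cors_headers(response, methods, headers, max_age, origin)
+local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, origin)
 response.headers.access_control_allow_methods = tostring(methods);
 response.headers.access_control_allow_headers = tostring(headers);
 response.headers.access_control_max_age = tostring(max_age)
 response.headers.access_control_allow_origin = origin or "*";
+if allow_credentials then
+response.headers.access_control_allow_credentials = "true";
+end
 end
 
 function module.add_host(module)
 local host = module.host;
 if host ~= "*" then
@@ -117,11 +121,11 @@
 
 local app_methods = opt_methods;
 
 local function cors_handler(event_data)
 local request, response = event_data.request, event_data.response;
-apply_cors_headers(response, app_methods, opt_headers, opt_max_age, request.headers.origin);
+apply_cors_headers(response, app_methods, opt_headers, opt_max_age, opt_credentials, request.headers.origin);
 end
 
 local function options_handler(event_data)
 cors_handler(event_data);
 return "";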
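Review bot: In `apply_cors_headers` (new lines 97–100) `Access-Control-Allow-Credentials: true` is sent next to an `Access-Control-Allow-Origin` that simply echoes the request's `Origin` header. Once `access_control_allow_credentials` is enabled, every origin is therefore permitted to make credentialed requests and read the responses; no origin allowlist is visible in the lines shown. I would gate the header on a check against configured origins, e.g. `if allow_credentials and origin and allowed_origins:contains(origin) then`, where `allowed_origins` is a placeholder for an option set this commit does not define. The `and origin` part also avoids pairing the `"*"` fallback with credentials, a combination browsers reject. Because the allowed origin varies per request, a `Vary: Origin` response header is worth adding so shared caches do not serve one origin's CORS headers to another, and the option deserves a comment at `opt_credentials` stating that it should only be enabled together with an origin restriction.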