Changeset

10258:4ff2f14f9ac7

mod_http: Add support for configuring CORS Access-Control-Allow-Credentials
author Matthew Wild <mwild1@gmail.com>
date Wed, 11 Sep 2019 15:10:31 +0100
parents 10256:b2e7b07f8b74
children 10259:9df135b06c2f
files plugins/mod_http.lua
diffstat 1 files changed, 6 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_http.lua	Tue Sep 10 18:17:13 2019 +0200
+++ b/plugins/mod_http.lua	Wed Sep 11 15:10:31 2019 +0100
@@ -26,6 +26,7 @@
 -- CORS settigs
 local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" });
 local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" });
+local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false);
 local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60);
 
 local function get_http_event(host, app_path, key)
@@ -89,11 +90,14 @@
 	return "http://disabled.invalid/";
 end
 
-local function apply_cors_headers(response, methods, headers, max_age, origin)
+local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, origin)
 	response.headers.access_control_allow_methods = tostring(methods);
 	response.headers.access_control_allow_headers = tostring(headers);
 	response.headers.access_control_max_age = tostring(max_age)
 	response.headers.access_control_allow_origin = origin or "*";
+	if allow_credentials then
+		response.headers.access_control_allow_credentials = "true";
+	end
 end
 
 function module.add_host(module)
@@ -119,7 +123,7 @@
 
 		local function cors_handler(event_data)
 			local request, response = event_data.request, event_data.response;
-			apply_cors_headers(response, app_methods, opt_headers, opt_max_age, request.headers.origin);
+			apply_cors_headers(response, app_methods, opt_headers, opt_max_age, opt_credentials, request.headers.origin);
 		end
 
 		local function options_handler(event_data)