You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by mh...@apache.org on 2017/09/17 20:06:27 UTC
[incubator-openwhisk-apigateway] 01/02: Allow credentials for cors
requests
This is an automated email from the ASF dual-hosted git repository.
mhamann pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-apigateway.git
commit 72b183cbbd4ea373fb0f82e099121156aaf0b39f
Author: Alex Song <so...@us.ibm.com>
AuthorDate: Tue Aug 22 14:18:29 2017 -0400
Allow credentials for cors requests
---
scripts/lua/cors.lua | 21 ++++++---------------
1 file changed, 6 insertions(+), 15 deletions(-)
diff --git a/scripts/lua/cors.lua b/scripts/lua/cors.lua
index 6e5c6db..ea11579 100644
--- a/scripts/lua/cors.lua
+++ b/scripts/lua/cors.lua
@@ -19,13 +19,13 @@
-- Used to set cors headers for preflight and simple requests
local _M = {}
-local request = require "lib/request"
+local request = require 'lib/request'
function _M.processCall(resourceConfig)
if resourceConfig.cors ~= nil then
ngx.var.cors_origins = resourceConfig.cors.origin
ngx.var.cors_methods = resourceConfig.cors.methods
- if resourceConfig.cors.origin ~= 'false' and ngx.req.get_method() == "OPTIONS" then
+ if resourceConfig.cors.origin ~= 'false' and ngx.req.get_method() == 'OPTIONS' then
request.success(200)
end
end
@@ -33,23 +33,14 @@ end
function _M.replaceHeaders()
if ngx.var.cors_origins ~= nil then
- if ngx.var.cors_origins == 'true' then
- ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
- ngx.header['Access-Control-Allow-Origin'] = '*'
- ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
- if ngx.var.cors_methods == nil then
- ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
- end
- elseif ngx.var.cors_origins == 'false' then
+ if ngx.var.cors_origins == 'false' then
ngx.header['Access-Control-Allow-Origin'] = nil
ngx.header['Access-Control-Allow-Methods'] = nil
else
- ngx.header['Access-Control-Allow-Origin'] = ngx.var.cors_origins
- ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
+ ngx.header['Access-Control-Allow-Origin'] = ngx.var.cors_origins == 'true' and (ngx.var.http_origin or '*') or ngx.var.cors_origins
+ ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods or 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
- if ngx.var.cors_methods == nil then
- ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
- end
+ ngx.header['Access-Control-Allow-Credentials'] = 'true'
end
end
end
--
To stop receiving notification emails like this one, please contact
"commits@openwhisk.apache.org" <co...@openwhisk.apache.org>.