You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by mh...@apache.org on 2017/09/17 20:06:27 UTC

[incubator-openwhisk-apigateway] 01/02: Allow credentials for cors requests

This is an automated email from the ASF dual-hosted git repository.

mhamann pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk-apigateway.git

commit 72b183cbbd4ea373fb0f82e099121156aaf0b39f
Author: Alex Song <so...@us.ibm.com>
AuthorDate: Tue Aug 22 14:18:29 2017 -0400

    Allow credentials for cors requests
---
 scripts/lua/cors.lua | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/scripts/lua/cors.lua b/scripts/lua/cors.lua
index 6e5c6db..ea11579 100644
--- a/scripts/lua/cors.lua
+++ b/scripts/lua/cors.lua
@@ -19,13 +19,13 @@
 -- Used to set cors headers for preflight and simple requests
 
 local _M = {}
-local request = require "lib/request"
+local request = require 'lib/request'
 
 function _M.processCall(resourceConfig)
   if resourceConfig.cors ~= nil then
     ngx.var.cors_origins = resourceConfig.cors.origin
     ngx.var.cors_methods = resourceConfig.cors.methods
-    if resourceConfig.cors.origin ~= 'false' and ngx.req.get_method() == "OPTIONS" then
+    if resourceConfig.cors.origin ~= 'false' and ngx.req.get_method() == 'OPTIONS' then
       request.success(200)
     end
   end
@@ -33,23 +33,14 @@ end
 
 function _M.replaceHeaders()
   if ngx.var.cors_origins ~= nil then
-    if ngx.var.cors_origins == 'true' then
-      ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
-      ngx.header['Access-Control-Allow-Origin'] = '*'
-      ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
-      if ngx.var.cors_methods == nil then
-        ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
-      end
-    elseif ngx.var.cors_origins == 'false' then
+    if ngx.var.cors_origins == 'false' then
       ngx.header['Access-Control-Allow-Origin'] = nil
       ngx.header['Access-Control-Allow-Methods'] = nil
     else
-      ngx.header['Access-Control-Allow-Origin'] = ngx.var.cors_origins
-      ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
+      ngx.header['Access-Control-Allow-Origin'] = ngx.var.cors_origins == 'true' and (ngx.var.http_origin or '*') or ngx.var.cors_origins
+      ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods or 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
       ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
-      if ngx.var.cors_methods == nil then
-        ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
-      end
+      ngx.header['Access-Control-Allow-Credentials'] = 'true'
     end
   end
 end

-- 
To stop receiving notification emails like this one, please contact
"commits@openwhisk.apache.org" <co...@openwhisk.apache.org>.