luci-base: add simple CORS handling to luci.dispatcher

Support a new boolean property `cors` which - if set to true - causes the dispatcher to positively answer CORS OPTIONS requests after authentication without actually running the dispatching target. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
author: Jo-Philipp Wich <jo@mein.io> 2018-04-24 20:32:47 +0200
committer: Jo-Philipp Wich <jo@mein.io> 2018-04-26 08:26:30 +0200
commit: 8459ec0ec8321a3a4e153f31398e1fe0a9306885 (patch)
tree: 41b9c4c3a2e43e6bb32cc23a756ca9457f688610 /modules/luci-base/luasrc/dispatcher.lua
parent: 7d13ec601051bc78f8eb384dcd640c4a167b2556 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index 5fc2b80e7..1984fc4ad 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -442,6 +442,13 @@ function dispatch(request)
 		ctx.authuser = sdat.username
 	end
 
+	if track.cors and http.getenv("REQUEST_METHOD") == "OPTIONS" then
+		luci.http.status(200, "OK")
+		luci.http.header("Access-Control-Allow-Origin", http.getenv("HTTP_ORIGIN") or "*")
+		luci.http.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+		return
+	end
+
 	if c and require_post_security(c.target) then
 		if not test_post_security(c) then
 			return
author	Jo-Philipp Wich <jo@mein.io>	2018-04-24 20:32:47 +0200
committer	Jo-Philipp Wich <jo@mein.io>	2018-04-26 08:26:30 +0200
commit	8459ec0ec8321a3a4e153f31398e1fe0a9306885 (patch)
tree	41b9c4c3a2e43e6bb32cc23a756ca9457f688610 /modules/luci-base/luasrc/dispatcher.lua
parent	7d13ec601051bc78f8eb384dcd640c4a167b2556 (diff)