summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-base/luasrc
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2018-04-24 20:32:47 +0200
committerJo-Philipp Wich <jo@mein.io>2018-04-26 08:26:30 +0200
commit8459ec0ec8321a3a4e153f31398e1fe0a9306885 (patch)
tree41b9c4c3a2e43e6bb32cc23a756ca9457f688610 /modules/luci-base/luasrc
parent7d13ec601051bc78f8eb384dcd640c4a167b2556 (diff)
luci-base: add simple CORS handling to luci.dispatcher
Support a new boolean property `cors` which - if set to true - causes the dispatcher to positively answer CORS OPTIONS requests after authentication without actually running the dispatching target. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-base/luasrc')
-rw-r--r--modules/luci-base/luasrc/dispatcher.lua7
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index 5fc2b80e71..1984fc4ad2 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -442,6 +442,13 @@ function dispatch(request)
ctx.authuser = sdat.username
end
+ if track.cors and http.getenv("REQUEST_METHOD") == "OPTIONS" then
+ luci.http.status(200, "OK")
+ luci.http.header("Access-Control-Allow-Origin", http.getenv("HTTP_ORIGIN") or "*")
+ luci.http.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+ return
+ end
+
if c and require_post_security(c.target) then
if not test_post_security(c) then
return