diff options
author | Jo-Philipp Wich <jo@mein.io> | 2018-04-24 20:32:47 +0200 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2018-04-26 08:26:30 +0200 |
commit | 8459ec0ec8321a3a4e153f31398e1fe0a9306885 (patch) | |
tree | 41b9c4c3a2e43e6bb32cc23a756ca9457f688610 /modules/luci-base/luasrc | |
parent | 7d13ec601051bc78f8eb384dcd640c4a167b2556 (diff) |
luci-base: add simple CORS handling to luci.dispatcher
Support a new boolean property `cors` which - if set to true - causes the
dispatcher to positively answer CORS OPTIONS requests after authentication
without actually running the dispatching target.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Diffstat (limited to 'modules/luci-base/luasrc')
-rw-r--r-- | modules/luci-base/luasrc/dispatcher.lua | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua index 5fc2b80e71..1984fc4ad2 100644 --- a/modules/luci-base/luasrc/dispatcher.lua +++ b/modules/luci-base/luasrc/dispatcher.lua @@ -442,6 +442,13 @@ function dispatch(request) ctx.authuser = sdat.username end + if track.cors and http.getenv("REQUEST_METHOD") == "OPTIONS" then + luci.http.status(200, "OK") + luci.http.header("Access-Control-Allow-Origin", http.getenv("HTTP_ORIGIN") or "*") + luci.http.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS") + return + end + if c and require_post_security(c.target) then if not test_post_security(c) then return |