liquid_feedback_frontend
annotate app/main/http_options.lua @ 1545:26a1ed6bc9df
Allow cross site request to validate endpoint
| author | bsw |
|---|---|
| date | Thu Oct 22 11:52:15 2020 +0200 (2020-10-22) |
| parents | 32cc544d5a5b |
| children | 408e4b1d5234 |
| rev | line source |
|---|---|
| bsw/jbe@1309 | 1 -- TODO workaround, needs to be resolved in WebMCP's request.handler |
| bsw/jbe@1309 | 2 if not request._route then |
| bsw/jbe@1309 | 3 return |
| bsw/jbe@1309 | 4 end |
| bsw/jbe@1309 | 5 |
| bsw@1545 | 6 if request.get_module() == "oauth2" and |
| bsw@1545 | 7 (request.get_view() == "session" or request.get_view() == "validate") |
| bsw@1545 | 8 then |
| bsw/jbe@1309 | 9 local origin = request.get_header("Origin") |
| bsw/jbe@1309 | 10 if origin then |
| bsw/jbe@1309 | 11 request.add_header("Access-Control-Allow-Origin", origin) |
| bsw/jbe@1309 | 12 end |
| bsw/jbe@1309 | 13 request.add_header("Access-Control-Allow-Credentials", "true") |
| bsw/jbe@1309 | 14 request.add_header("Access-Control-Max-Age", "0") |
| bsw/jbe@1309 | 15 else |
| bsw/jbe@1309 | 16 request.add_header("Access-Control-Allow-Origin", "*") |
| bsw/jbe@1309 | 17 end |
| bsw/jbe@1309 | 18 |
| bsw/jbe@1309 | 19 request.add_header("Access-Control-Allow-Headers", "Authorization") |