bsw/jbe@1309: -- TODO workaround, needs to be resolved in WebMCP's request.handler
bsw/jbe@1309: if not request._route then
bsw/jbe@1309:   return
bsw/jbe@1309: end
bsw/jbe@1309: 
bsw@1548: -- TODO allow cors requests on api module?
bsw@1545: if request.get_module() == "oauth2" and 
bsw@1545:   (request.get_view() == "session" or request.get_view() == "validate")
bsw@1545: then 
bsw/jbe@1309:   local origin = request.get_header("Origin")
bsw/jbe@1309:   if origin then
bsw/jbe@1309:     request.add_header("Access-Control-Allow-Origin", origin)
bsw/jbe@1309:   end
bsw/jbe@1309:   request.add_header("Access-Control-Allow-Credentials", "true")
bsw/jbe@1309:   request.add_header("Access-Control-Max-Age", "0")
bsw/jbe@1309: else
bsw/jbe@1309:   request.add_header("Access-Control-Allow-Origin", "*")
bsw/jbe@1309: end
bsw/jbe@1309:     
bsw/jbe@1309: request.add_header("Access-Control-Allow-Headers", "Authorization")