luci-base: add simple CORS handling to luci.dispatcher
authorJo-Philipp Wich <jo@mein.io>
Tue, 24 Apr 2018 18:32:47 +0000 (20:32 +0200)
committerJo-Philipp Wich <jo@mein.io>
Thu, 26 Apr 2018 06:26:30 +0000 (08:26 +0200)
Support a new boolean property `cors` which - if set to true - causes the
dispatcher to positively answer CORS OPTIONS requests after authentication
without actually running the dispatching target.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-base/luasrc/dispatcher.lua

index 5fc2b80e710c15a7bce50a2490d7316a824a4984..1984fc4ad2c84b1b5de701ddc1e9a078296647b4 100644 (file)
@@ -442,6 +442,13 @@ function dispatch(request)
                ctx.authuser = sdat.username
        end
 
+       if track.cors and http.getenv("REQUEST_METHOD") == "OPTIONS" then
+               luci.http.status(200, "OK")
+               luci.http.header("Access-Control-Allow-Origin", http.getenv("HTTP_ORIGIN") or "*")
+               luci.http.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+               return
+       end
+
        if c and require_post_security(c.target) then
                if not test_post_security(c) then
                        return