diff mod_http_oauth2/mod_http_oauth2.lua @ 5480:5108f63e762b

mod_http_oauth2: Allow CORS for browser clients Needed for web clients to reach i.e. the token endpoint.
author Kim Alvefur <zash@zash.se>
date Thu, 18 May 2023 14:51:48 +0200
parents 30e2722c9fa3
children 7998b49d6512
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 14:47:54 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 14:51:48 2023 +0200
@@ -1025,6 +1025,7 @@
 
 module:depends("http");
 module:provides("http", {
+	cors = { enabled = true; credentials = true };
 	route = {
 		-- OAuth 2.0 in 5 simple steps!
 		-- This is the normal 'authorization_code' flow.
@@ -1089,6 +1090,7 @@
 module:provides("http", {
 	name = "oauth2-discovery";
 	default_path = "/.well-known/oauth-authorization-server";
+	cors = { enabled = true };
 	route = {
 		["GET"] = {
 			headers = { content_type = "application/json" };