# HG changeset patch # User Matthew Wild # Date 1542542773 0 # Node ID 972832108c789db81cc276f8f23458afec9aac26 # Parent 6317a5d8ce2dbbaecc40261d98249f0fa7ab5c11 mod_http_upload: Add CORS headers for web clients (untested) diff -r 6317a5d8ce2d -r 972832108c78 mod_http_upload/mod_http_upload.lua --- a/mod_http_upload/mod_http_upload.lua Sat Nov 17 14:27:00 2018 +0000 +++ b/mod_http_upload/mod_http_upload.lua Sun Nov 18 12:06:13 2018 +0000 @@ -284,6 +284,15 @@ end }); +local function set_cross_domain_headers(response) + local headers = response.headers; + headers.access_control_allow_methods = "GET, PUT, POST, OPTIONS"; + headers.access_control_allow_headers = "Content-Type"; + headers.access_control_max_age = "7200"; + headers.access_control_allow_origin = response.request.headers.origin or "*"; + return response; +end + local function send_response_sans_body(response, body) if response.finished then return; end response.finished = true; @@ -320,6 +329,7 @@ local serve_uploaded_files = http_files.serve(storage_path); local function serve_head(event, path) + set_cross_domain_headers(event.response); event.response.send = send_response_sans_body; event.response.send_file = send_response_sans_body; return serve_uploaded_files(event, path); @@ -337,6 +347,13 @@ ["GET /*"] = serve_uploaded_files; ["HEAD /*"] = serve_head; ["PUT /*"] = upload_data; + + ["OPTIONS /*"] = function (event) + if event.request.headers.origin then + set_cross_domain_headers(event.response); + end + return ""; + end; }; });