changeset 3376:972832108c78

mod_http_upload: Add CORS headers for web clients (untested)
author Matthew Wild <mwild1@gmail.com>
date Sun, 18 Nov 2018 12:06:13 +0000
parents 6317a5d8ce2d
children 683365d370d8
files mod_http_upload/mod_http_upload.lua
diffstat 1 files changed, 17 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_upload/mod_http_upload.lua	Sat Nov 17 14:27:00 2018 +0000
+++ b/mod_http_upload/mod_http_upload.lua	Sun Nov 18 12:06:13 2018 +0000
@@ -284,6 +284,15 @@
 	end
 });
 
+local function set_cross_domain_headers(response)
+        local headers = response.headers;
+        headers.access_control_allow_methods = "GET, PUT, POST, OPTIONS";
+        headers.access_control_allow_headers = "Content-Type";
+        headers.access_control_max_age = "7200";
+        headers.access_control_allow_origin = response.request.headers.origin or "*";
+        return response;
+end
+
 local function send_response_sans_body(response, body)
 	if response.finished then return; end
 	response.finished = true;
@@ -320,6 +329,7 @@
 local serve_uploaded_files = http_files.serve(storage_path);
 
 local function serve_head(event, path)
+	set_cross_domain_headers(event.response);
 	event.response.send = send_response_sans_body;
 	event.response.send_file = send_response_sans_body;
 	return serve_uploaded_files(event, path);
@@ -337,6 +347,13 @@
 		["GET /*"] = serve_uploaded_files;
 		["HEAD /*"] = serve_head;
 		["PUT /*"] = upload_data;
+
+		["OPTIONS /*"] = function (event)
+			if event.request.headers.origin then
+				set_cross_domain_headers(event.response);
+			end
+			return "";
+		end;
 	};
 });