luci-base: add simple CORS handling to luci.dispatcher

Support a new boolean property `cors` which - if set to true - causes the
dispatcher to positively answer CORS OPTIONS requests after authentication
without actually running the dispatching target.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
Jo-Philipp Wich 2018-04-24 20:32:47 +02:00
parent 7d13ec6010
commit 8459ec0ec8

View File

@ -442,6 +442,13 @@ function dispatch(request)
ctx.authuser = sdat.username
end
if track.cors and http.getenv("REQUEST_METHOD") == "OPTIONS" then
luci.http.status(200, "OK")
luci.http.header("Access-Control-Allow-Origin", http.getenv("HTTP_ORIGIN") or "*")
luci.http.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
return
end
if c and require_post_security(c.target) then
if not test_post_security(c) then
return