Allow credentials for cors requests
diff --git a/scripts/lua/cors.lua b/scripts/lua/cors.lua
index 6e5c6db..ea11579 100644
--- a/scripts/lua/cors.lua
+++ b/scripts/lua/cors.lua
@@ -19,13 +19,13 @@
 -- Used to set cors headers for preflight and simple requests
 
 local _M = {}
-local request = require "lib/request"
+local request = require 'lib/request'
 
 function _M.processCall(resourceConfig)
   if resourceConfig.cors ~= nil then
     ngx.var.cors_origins = resourceConfig.cors.origin
     ngx.var.cors_methods = resourceConfig.cors.methods
-    if resourceConfig.cors.origin ~= 'false' and ngx.req.get_method() == "OPTIONS" then
+    if resourceConfig.cors.origin ~= 'false' and ngx.req.get_method() == 'OPTIONS' then
       request.success(200)
     end
   end
@@ -33,23 +33,14 @@
 
 function _M.replaceHeaders()
   if ngx.var.cors_origins ~= nil then
-    if ngx.var.cors_origins == 'true' then
-      ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
-      ngx.header['Access-Control-Allow-Origin'] = '*'
-      ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
-      if ngx.var.cors_methods == nil then
-        ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
-      end
-    elseif ngx.var.cors_origins == 'false' then
+    if ngx.var.cors_origins == 'false' then
       ngx.header['Access-Control-Allow-Origin'] = nil
       ngx.header['Access-Control-Allow-Methods'] = nil
     else
-      ngx.header['Access-Control-Allow-Origin'] = ngx.var.cors_origins
-      ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
+      ngx.header['Access-Control-Allow-Origin'] = ngx.var.cors_origins == 'true' and (ngx.var.http_origin or '*') or ngx.var.cors_origins
+      ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods or 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
       ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
-      if ngx.var.cors_methods == nil then
-        ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
-      end
+      ngx.header['Access-Control-Allow-Credentials'] = 'true'
     end
   end
 end
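Review bot: In the `else` branch of `replaceHeaders`, a `cors_origins` of 'true' now echoes the request's `Origin` header into `Access-Control-Allow-Origin` while `Access-Control-Allow-Credentials: true` is sent unconditionally, so a page on any origin can make credentialed requests to these resources and read the responses. The previous `'*'` value did not have this effect, because browsers refuse to combine a wildcard origin with credentials. I would keep `'*'` for the 'true' setting and send the credentials header only for an explicitly configured origin, e.g. `if ngx.var.cors_origins ~= 'true' then ngx.header['Access-Control-Allow-Credentials'] = 'true' end`. If reflecting the origin is kept, the response should also set `ngx.header['Vary'] = 'Origin'` so a shared cache does not serve one origin's CORS headers to another.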