scripts/lua/cors.lua - openwhisk-apigateway - Git at Google

 -- Copyright (c) 2016 IBM. All rights reserved.
 --
 --   Permission is hereby granted, free of charge, to any person obtaining a
 --   copy of this software and associated documentation files (the "Software"),
 --   to deal in the Software without restriction, including without limitation
 --   the rights to use, copy, modify, merge, publish, distribute, sublicense,
 --   and/or sell copies of the Software, and to permit persons to whom the
 --   Software is furnished to do so, subject to the following conditions:
 --
 --   The above copyright notice and this permission notice shall be included in
 --   all copies or substantial portions of the Software.
 --
 --   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 --   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 --   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 --   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 --   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 --   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 --   DEALINGS IN THE SOFTWARE.

 --- @module Cors
 -- Used to set cors headers for preflight and simple requests

 local _M = {}
 local request = require "lib/request"

 function _M.processCall(resourceConfig)
   if resourceConfig.cors ~= nil then
     ngx.var.cors_origins = resourceConfig.cors.origin
     ngx.var.cors_methods = resourceConfig.cors.methods
     if resourceConfig.cors.origin ~= 'false' and ngx.req.get_method() == "OPTIONS" then
       request.success(200)
     end
   end
 end

 function _M.replaceHeaders()
   if ngx.var.cors_origins ~= nil then
     if ngx.var.cors_origins == 'true' then
       ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
       ngx.header['Access-Control-Allow-Origin'] = '*'
       ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
       if ngx.var.cors_methods == nil then
         ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
       end
     elseif ngx.var.cors_origins == 'false' then
       ngx.header['Access-Control-Allow-Origin'] = nil
       ngx.header['Access-Control-Allow-Methods'] = nil
     else
       ngx.header['Access-Control-Allow-Origin'] = ngx.var.cors_origins
       ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
       ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
       if ngx.var.cors_methods == nil then
         ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
       end
     end
   end
 end

 return _M
	-- Copyright (c) 2016 IBM. All rights reserved.
	--
	-- Permission is hereby granted, free of charge, to any person obtaining a
	-- copy of this software and associated documentation files (the "Software"),
	-- to deal in the Software without restriction, including without limitation
	-- the rights to use, copy, modify, merge, publish, distribute, sublicense,
	-- and/or sell copies of the Software, and to permit persons to whom the
	-- Software is furnished to do so, subject to the following conditions:
	--
	-- The above copyright notice and this permission notice shall be included in
	-- all copies or substantial portions of the Software.
	--
	-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
	-- FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
	-- DEALINGS IN THE SOFTWARE.

	--- @module Cors
	-- Used to set cors headers for preflight and simple requests

	local _M = {}
	local request = require "lib/request"

	function _M.processCall(resourceConfig)
	if resourceConfig.cors ~= nil then
	ngx.var.cors_origins = resourceConfig.cors.origin
	ngx.var.cors_methods = resourceConfig.cors.methods
	if resourceConfig.cors.origin ~= 'false' and ngx.req.get_method() == "OPTIONS" then
	request.success(200)
	end
	end
	end

	function _M.replaceHeaders()
	if ngx.var.cors_origins ~= nil then
	if ngx.var.cors_origins == 'true' then
	ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
	ngx.header['Access-Control-Allow-Origin'] = '*'
	ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
	if ngx.var.cors_methods == nil then
	ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
	end
	elseif ngx.var.cors_origins == 'false' then
	ngx.header['Access-Control-Allow-Origin'] = nil
	ngx.header['Access-Control-Allow-Methods'] = nil
	else
	ngx.header['Access-Control-Allow-Origin'] = ngx.var.cors_origins
	ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
	ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
	if ngx.var.cors_methods == nil then
	ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
	end
	end
	end
	end

	return _M