clean up the broken cors stuff
diff --git a/conf.d/managed_endpoints.conf b/conf.d/managed_endpoints.conf
index 1c2d3c2..9a612d6 100644
--- a/conf.d/managed_endpoints.conf
+++ b/conf.d/managed_endpoints.conf
@@ -70,7 +70,7 @@
set $apiKey '-';
set $gatewayPath $2;
set $analyticsUri '';
- set $cors '';
+ set $cors_origins '';
set $cors_methods '';
access_by_lua_block {
@@ -79,6 +79,10 @@
}
proxy_pass $upstream;
+ header_filter_by_lua_block {
+ local cors = require "cors"
+ cors.replaceHeaders()
+ }
}
location = /health {
diff --git a/doc/management_interface.md b/doc/management_interface.md
index 04dd779..2e6234b 100644
--- a/doc/management_interface.md
+++ b/doc/management_interface.md
@@ -13,12 +13,12 @@
"name": *(string),
"basePath": *(string),
"tenantId": *(string),
- "cors":{
- "origin": *(string),
- "methods": *(string)
- },
"resources": {
"<path>": {
+ "cors":{
+ "origin": *(string),
+ "methods": *(string)
+ },
"operations": {
"<method>": {
"backendMethod": *(string),
@@ -68,12 +68,12 @@
"name": *(string),
"basePath": *(string),
"tenantId": *(string),
- "cors": {
- "origin": *(string),
- "methods": *(string)
- }
"resources": {
"<path>": {
+ "cors": {
+ "origin": *(string),
+ "methods": *(string)
+ },
"operations": {
"<method>": {
"backendMethod": *(string),
diff --git a/scripts/lua/cors.lua b/scripts/lua/cors.lua
index 8e3308a..3a22af1 100644
--- a/scripts/lua/cors.lua
+++ b/scripts/lua/cors.lua
@@ -26,24 +26,31 @@
function _M.processCall(resourceConfig)
if resourceConfig.cors ~= nil then
- _M.setCorsHeaders(resourceConfig.cors.origin, resourceConfig.cors.methods)
- if ngx.req.get_method() == "OPTIONS" then
+ ngx.var.cors_origins = resourceConfig.cors.origin
+ ngx.var.cors_methods = resourceConfig.cors.methods
+ if resourceConfig.cors.origin ~= 'false' and ngx.req.get_method() == "OPTIONS" then
request.success(200)
end
end
end
-function _M.setCorsHeaders(corsOrigin, corsMethods)
- if corsOrigin ~= nil then
- if corsOrigin == 'false' then
+function _M.replaceHeaders()
+ if ngx.var.cors_origins ~= nil then
+ if ngx.var.cors_origins == 'true' then
+ ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
+ ngx.header['Access-Control-Allow-Origin'] = '*'
+ ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
+ if ngx.var.cors_methods == nil then
+ ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
+ end
+ elseif ngx.var.cors_origins == 'false' then
ngx.header['Access-Control-Allow-Origin'] = nil
ngx.header['Access-Control-Allow-Methods'] = nil
else
- ngx.header['Access-Control-Allow-Origin'] = corsOrigin
- ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
- if corsMethods ~= nil then
- ngx.header['Access-Control-Allow-Methods'] = corsMethods
- else
+ ngx.header['Access-Control-Allow-Origin'] = ngx.var.cors_origins
+ ngx.header['Access-Control-Allow-Methods'] = ngx.var.cors_methods
+ ngx.header['Access-Control-Allow-Headers'] = ngx.req.get_headers()['Access-Control-Request-Headers']
+ if ngx.var.cors_methods == nil then
ngx.header['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS'
end
end
diff --git a/scripts/lua/lib/redis.lua b/scripts/lua/lib/redis.lua
index 6fe2f35..8bcd67d 100644
--- a/scripts/lua/lib/redis.lua
+++ b/scripts/lua/lib/redis.lua
@@ -186,7 +186,7 @@
-- @param ops list of operations for a given resource
-- @param apiId resource api id (nil if no api)
-- @param tenantObj tenant information
-function _M.generateResourceObj(ops, apiId, tenantObj)
+function _M.generateResourceObj(ops, apiId, tenantObj, cors)
local resourceObj = {
operations = {}
}
@@ -203,6 +203,9 @@
resourceObj.operations[op].security = v.security
end
end
+ if cors then
+ resourceObj.cors = cors
+ end
if apiId then
resourceObj.apiId = apiId
end
diff --git a/scripts/lua/management/lib/apis.lua b/scripts/lua/management/lib/apis.lua
index d09fef4..536036b 100644
--- a/scripts/lua/management/lib/apis.lua
+++ b/scripts/lua/management/lib/apis.lua
@@ -103,7 +103,6 @@
tenantId = decoded.tenantId,
tenantNamespace = tenantObj.namespace,
tenantInstance = tenantObj.instance,
- cors = decoded.cors,
resources = decoded.resources,
managedUrl = managedUrl
}
@@ -166,4 +165,4 @@
return apiList
end
-return _M
\ No newline at end of file
+return _M
diff --git a/scripts/lua/management/lib/resources.lua b/scripts/lua/management/lib/resources.lua
index 0b8a95d..8fb3669 100644
--- a/scripts/lua/management/lib/resources.lua
+++ b/scripts/lua/management/lib/resources.lua
@@ -37,7 +37,8 @@
local redisKey = utils.concatStrings({"resources:", tenantObj.id, ":", gatewayPath})
local operations = resource.operations
local apiId = resource.apiId
- local resourceObj = redis.generateResourceObj(operations, apiId, tenantObj)
+ local cors = resource.cors
+ local resourceObj = redis.generateResourceObj(operations, apiId, tenantObj, cors)
redis.createResource(red, redisKey, REDIS_FIELD, resourceObj)
local indexKey = utils.concatStrings({"resources:", tenantObj.id, ":__index__"})
redis.addResourceToIndex(red, indexKey, redisKey)