From d4605a6938794c3919235c8ddef4c0bdddf69d99 Mon Sep 17 00:00:00 2001 From: J Phani Mahesh Date: Fri, 21 Sep 2018 10:57:47 +0530 Subject: [PATCH] Better CORS support (#3) allow unauthenticated OPTIONS, add default ACAH --- src/api-umbrella/proxy/middleware/api_settings.lua | 7 +++++++ .../proxy/middleware/rewrite_response.lua | 11 +++++++++++ 2 files changed, 18 insertions(+) diff --git a/src/api-umbrella/proxy/middleware/api_settings.lua b/src/api-umbrella/proxy/middleware/api_settings.lua index e0e48989f..5587a9963 100644 --- a/src/api-umbrella/proxy/middleware/api_settings.lua +++ b/src/api-umbrella/proxy/middleware/api_settings.lua @@ -17,6 +17,13 @@ return function(api) deep_merge_overwrite_arrays(settings, api["settings"]) end + -- Add some defaults for OPTIONS + -- See https://github.com/apinf/platform/issues/3531 + local request_method = ngx.ctx.request_method + if(request_method == "OPTIONS") then + settings["disable_api_key"] = true + end + -- See if there's any settings for a matching sub-url. if api["sub_settings"] then local request_method = ngx.ctx.request_method diff --git a/src/api-umbrella/proxy/middleware/rewrite_response.lua b/src/api-umbrella/proxy/middleware/rewrite_response.lua index be05bf254..0971dc99f 100644 --- a/src/api-umbrella/proxy/middleware/rewrite_response.lua +++ b/src/api-umbrella/proxy/middleware/rewrite_response.lua @@ -53,6 +53,15 @@ local function set_via_header() end end +local function set_cors_headers() + local acah = ngx.header["Access-Control-Allow-Headers"] + if acah == "" or acah == nil then + ngx.header["Access-Control-Allow-Headers"] = "x-api-key" + else + ngx.header["Access-Control-Allow-Headers"] = acah .. ",x-api-key" + end +end + local function set_default_headers(settings) if settings["_default_response_headers"] then local existing_headers = ngx.resp.get_headers() @@ -121,6 +130,8 @@ return function(settings) set_cache_header() set_via_header() + set_cors_headers() + if settings then set_default_headers(settings) set_override_headers(settings)