It's the implement of CORS on OpenResty
Switch branches/tags
Nothing to show
Clone or download
Latest commit 09fdd94 Nov 5, 2018
Permalink
Failed to load latest commit information.
lib/resty bugfix: minor tweaks Oct 26, 2018
t add test Oct 10, 2016
.editorconfig first commit Oct 10, 2016
.gitattributes first commit Oct 10, 2016
.gitignore add test Oct 10, 2016
.travis.yml version: bump to 0.2.1 Oct 24, 2018
LICENSE Initial commit Oct 10, 2016
Makefile add test Oct 10, 2016
README.md Update README.md Nov 5, 2018
dist.ini bugfix: minor tweaks Oct 26, 2018
lua-resty-cors-0.2-1.rockspec feature: support luarocks Jan 28, 2017

README.md

Name

lua-resty-cors

lua-resty-cors

It's the implement of CORS on OpenResty and It backports the nginx-http-cors to OpenResty

Table of Contents

Status

Build Status

Usage

It may be placed on the nginx http block for a global CORS config or in each server block to configure a different CORS for each virtual host as the following:

http {
      init_by_lua_block {
        local cors = require('lib.resty.cors');

        cors.allow_host([==[.*\.google\.com]==])
        cors.allow_host([==[.*\.facebook\.com]==])
        cors.expose_header('x-custom-field1')
        cors.expose_header('x-custom-field2')
        cors.allow_method('GET')
        cors.allow_method('POST')
        cors.allow_method('PUT')
        cors.allow_method('DELETE')
        cors.allow_header('x-custom-field1')
        cors.allow_header('x-custom-field2')
        cors.max_age(7200)
        cors.allow_credentials(false)
      }
      
      header_filter_by_lua_block {
        local cors = require('lib.resty.cors');
        cors.run()
    }
}

API

allow_host

syntax: cors.allow_host(host)

This will match the host from cors request then be added to the header Access-Control-Allow-Origin like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Origin: http://www.google.com

expose_header

syntax: cors.expose_header(header)

This will be added to the header Access-Control-Expose-Headers like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Expose-Headers: x-custom-field1,x-custom-field2

allow_method

syntax: cors.allow_method(method)

This will be added to the header Access-Control-Allow-Methods like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Methods:GET,POST,PUT

allow_header

syntax: cors.allow_header(header)

This will be added to the header Access-Control-Allow-Headers like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Headers:x-custom-field1,x-custom-field2

max_age

syntax: cors.max_age(age)

This will be added to the header Access-Control-Max-Age like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Max-Age: 7200

Allow-Credentials

syntax: cors.allow_credentials(true or false)

This will be added to the header Access-Control-Allow-Credentials like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Credentials: true

run

syntax: cors.run()

This is the entry for lua-resty-cors to run

Contributing

To contribute to lua-resty-cors, clone this repo locally and commit your code on a separate branch.

PS: PR Welcome πŸš€ πŸš€ πŸš€ πŸš€

Author

GitHub @detailyang

License

lua-resty-cors is licensed under the MIT license.