lua-resty-cors
It's the implement of CORS on OpenResty and It backports the nginx-http-cors to OpenResty
It may be placed on the nginx http block for a global CORS config or in each server block to configure a different CORS for each virtual host as the following:
http {
init_by_lua_block {
local cors = require('lib.resty.cors');
cors.allow_host([==[.*\.google\.com]==])
cors.allow_host([==[.*\.facebook\.com]==])
cors.expose_header('x-custom-field1')
cors.expose_header('x-custom-field2')
cors.allow_method('GET')
cors.allow_method('POST')
cors.allow_method('PUT')
cors.allow_method('DELETE')
cors.allow_header('x-custom-field1')
cors.allow_header('x-custom-field2')
cors.max_age(7200)
cors.allow_credentials(false)
}
header_filter_by_lua_block {
local cors = require('lib.resty.cors');
cors.run()
}
}
syntax: cors.allow_host(host)
This will match the host from cors request then be added to the header Access-Control-Allow-Origin like as the following:
Request:
Origin: https://www.google.com
Response:
Access-Control-Allow-Origin: http://www.google.com
syntax: cors.expose_header(header)
This will be added to the header Access-Control-Expose-Headers like as the following:
Request:
Origin: https://www.google.com
Response:
Access-Control-Expose-Headers: x-custom-field1,x-custom-field2
syntax: cors.allow_method(method)
This will be added to the header Access-Control-Allow-Methods like as the following:
Request:
Origin: https://www.google.com
Response:
Access-Control-Allow-Methods:GET,POST,PUT
syntax: cors.allow_header(header)
This will be added to the header Access-Control-Allow-Headers like as the following:
Request:
Origin: https://www.google.com
Response:
Access-Control-Allow-Headers:x-custom-field1,x-custom-field2
syntax: cors.max_age(age)
This will be added to the header Access-Control-Max-Age like as the following:
Request:
Origin: https://www.google.com
Response:
Access-Control-Max-Age: 7200
syntax: cors.allow_credentials(true or false)
This will be added to the header Access-Control-Allow-Credentials like as the following:
Request:
Origin: https://www.google.com
Response:
Access-Control-Allow-Credentials: true
syntax: cors.run()
This is the entry for lua-resty-cors to run
To contribute to lua-resty-cors, clone this repo locally and commit your code on a separate branch.
PS: PR Welcome :rocket: :rocket: :rocket: :rocket:
GitHub @detailyang
lua-resty-cors is licensed under the MIT license.