Lua Resty Cors Save

It's the implement of CORS on OpenResty

Project README

Name

lua-resty-cors

lua-resty-cors

It's the implement of CORS on OpenResty and It backports the nginx-http-cors to OpenResty

Table of Contents

Status

Build Status

Usage

It may be placed on the nginx http block for a global CORS config or in each server block to configure a different CORS for each virtual host as the following:


http {
      init_by_lua_block {
        local cors = require('lib.resty.cors');

        cors.allow_host([==[.*\.google\.com]==])
        cors.allow_host([==[.*\.facebook\.com]==])
        cors.expose_header('x-custom-field1')
        cors.expose_header('x-custom-field2')
        cors.allow_method('GET')
        cors.allow_method('POST')
        cors.allow_method('PUT')
        cors.allow_method('DELETE')
        cors.allow_header('x-custom-field1')
        cors.allow_header('x-custom-field2')
        cors.max_age(7200)
        cors.allow_credentials(false)
      }
      
      header_filter_by_lua_block {
        local cors = require('lib.resty.cors');
        cors.run()
    }
}

API

allow_host

syntax: cors.allow_host(host)

This will match the host from cors request then be added to the header Access-Control-Allow-Origin like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Origin: http://www.google.com

expose_header

syntax: cors.expose_header(header)

This will be added to the header Access-Control-Expose-Headers like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Expose-Headers: x-custom-field1,x-custom-field2

allow_method

syntax: cors.allow_method(method)

This will be added to the header Access-Control-Allow-Methods like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Methods:GET,POST,PUT

allow_header

syntax: cors.allow_header(header)

This will be added to the header Access-Control-Allow-Headers like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Headers:x-custom-field1,x-custom-field2

max_age

syntax: cors.max_age(age)

This will be added to the header Access-Control-Max-Age like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Max-Age: 7200

Allow-Credentials

syntax: cors.allow_credentials(true or false)

This will be added to the header Access-Control-Allow-Credentials like as the following:

Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Credentials: true

run

syntax: cors.run()

This is the entry for lua-resty-cors to run

Contributing

To contribute to lua-resty-cors, clone this repo locally and commit your code on a separate branch.

PS: PR Welcome :rocket: :rocket: :rocket: :rocket:

Author

GitHub @detailyang

License

lua-resty-cors is licensed under the MIT license.

Open Source Agenda is not affiliated with "Lua Resty Cors" Project. README Source: detailyang/lua-resty-cors
Stars
56
Open Issues
2
Last Commit
5 years ago
Repository
detailyang/lua-resty-cors
License
MIT
Tags
Cors Resty

Open Source Agenda Badge

Open Source Agenda Rating
Submit Review Review Your Favorite Project
Submit Resource Articles, Courses, Videos
Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?