mod_http_oauth2: Allow CORS for browser clients
Needed for web clients to reach i.e. the token endpoint.
--- a/mod_http_oauth2/mod_http_oauth2.lua Thu May 18 14:47:54 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Thu May 18 14:51:48 2023 +0200
@@ -1025,6 +1025,7 @@
module:depends("http");
module:provides("http", {
+ cors = { enabled = true; credentials = true };
route = {
-- OAuth 2.0 in 5 simple steps!
-- This is the normal 'authorization_code' flow.
@@ -1089,6 +1090,7 @@
module:provides("http", {
name = "oauth2-discovery";
default_path = "/.well-known/oauth-authorization-server";
+ cors = { enabled = true };
route = {
["GET"] = {
headers = { content_type = "application/json" };