35 local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" }); |
35 local opt_methods = module:get_option_set("access_control_allow_methods", { "GET", "OPTIONS" }); |
36 local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" }); |
36 local opt_headers = module:get_option_set("access_control_allow_headers", { "Content-Type" }); |
37 local opt_origins = module:get_option_set("access_control_allow_origins"); |
37 local opt_origins = module:get_option_set("access_control_allow_origins"); |
38 local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false); |
38 local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false); |
39 local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60); |
39 local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60); |
|
40 local opt_default_cors = module:get_option_boolean("http_default_cors_enabled", true); |
40 |
41 |
41 local function get_http_event(host, app_path, key) |
42 local function get_http_event(host, app_path, key) |
42 local method, path = key:match("^(%S+)%s+(.+)$"); |
43 local method, path = key:match("^(%S+)%s+(.+)$"); |
43 if not method then -- No path specified, default to "" (base path) |
44 if not method then -- No path specified, default to "" (base path) |
44 method, path = key, ""; |
45 method, path = key, ""; |
226 end |
231 end |
227 end |
232 end |
228 if not app_handlers[event_name] then |
233 if not app_handlers[event_name] then |
229 app_handlers[event_name] = { |
234 app_handlers[event_name] = { |
230 main = handler; |
235 main = handler; |
231 cors = cors_handler; |
236 cors = cors and cors_handler; |
232 options = options_handler; |
237 options = cors and options_handler; |
233 }; |
238 }; |
234 module:hook_object_event(server, event_name, handler); |
239 module:hook_object_event(server, event_name, handler); |
235 module:hook_object_event(server, event_name, cors_handler, 1); |
240 if cors then |
236 module:hook_object_event(server, options_event_name, options_handler, -1); |
241 module:hook_object_event(server, event_name, cors_handler, 1); |
|
242 module:hook_object_event(server, options_event_name, options_handler, -1); |
|
243 end |
237 else |
244 else |
238 module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name); |
245 module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name); |
239 end |
246 end |
240 else |
247 else |
241 module:log("error", "Invalid route in %s, %q. See https://prosody.im/doc/developers/http#routes", app_name, key); |
248 module:log("error", "Invalid route in %s, %q. See https://prosody.im/doc/developers/http#routes", app_name, key); |