# HG changeset patch # User Matthew Wild # Date 1667226746 0 # Node ID 4f69423603f265ded2495c846ace320b99a6ef25 # Parent 517b5702c5a1f3b77aa0330f87fe23086b4619ad# Parent 24b55f0e2db99fe4a1b8f4746be1443ccbd6129e Merge 0.12->trunk diff -r 517b5702c5a1 -r 4f69423603f2 plugins/mod_http.lua --- a/plugins/mod_http.lua Mon Oct 24 15:25:12 2022 +0200 +++ b/plugins/mod_http.lua Mon Oct 31 14:32:26 2022 +0000 @@ -37,6 +37,7 @@ local opt_origins = module:get_option_set("access_control_allow_origins"); local opt_credentials = module:get_option_boolean("access_control_allow_credentials", false); local opt_max_age = module:get_option_number("access_control_max_age", 2 * 60 * 60); +local opt_default_cors = module:get_option_boolean("http_default_cors_enabled", true); local function get_http_event(host, app_path, key) local method, path = key:match("^(%S+)%s+(.+)$"); @@ -183,7 +184,11 @@ app_origins = set.new(cors.origins)._items; end end + elseif cors.enabled == false then + cors = nil; end + else + cors = opt_default_cors; end local streaming = event.item.streaming_uploads; @@ -228,12 +233,14 @@ if not app_handlers[event_name] then app_handlers[event_name] = { main = handler; - cors = cors_handler; - options = options_handler; + cors = cors and cors_handler; + options = cors and options_handler; }; module:hook_object_event(server, event_name, handler); - module:hook_object_event(server, event_name, cors_handler, 1); - module:hook_object_event(server, options_event_name, options_handler, -1); + if cors then + module:hook_object_event(server, event_name, cors_handler, 1); + module:hook_object_event(server, options_event_name, options_handler, -1); + end else module:log("warn", "App %s added handler twice for '%s', ignoring", app_name, event_name); end