Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/detailyang/lua-resty-cors

It's the implement of CORS on OpenResty
https://github.com/detailyang/lua-resty-cors

cors resty

Last synced: about 1 month ago
JSON representation

It's the implement of CORS on OpenResty

Awesome Lists containing this project

README

        

Name
====
lua-resty-cors

# lua-resty-cors
It's the implement of [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) on OpenResty and
It backports the [nginx-http-cors](https://github.com/x-v8/ngx_http_cors_filter) to OpenResty

Table of Contents
-----------------
* [Name](#name)
* [Status](#status)
* [Usage](#usage)
* [API](#api)
* [Contributing](#contributing)
* [Author](#author)
* [License](#license)

Status
====
[![Build Status](https://travis-ci.org/detailyang/lua-resty-cors.svg?branch=master)](https://travis-ci.org/detailyang/lua-resty-cors)

Usage
====
It may be placed on the nginx http block for a global CORS config or in each server block to configure a different CORS for each virtual host as the following:

```bash

http {
init_by_lua_block {
local cors = require('lib.resty.cors');

cors.allow_host([==[.*\.google\.com]==])
cors.allow_host([==[.*\.facebook\.com]==])
cors.expose_header('x-custom-field1')
cors.expose_header('x-custom-field2')
cors.allow_method('GET')
cors.allow_method('POST')
cors.allow_method('PUT')
cors.allow_method('DELETE')
cors.allow_header('x-custom-field1')
cors.allow_header('x-custom-field2')
cors.max_age(7200)
cors.allow_credentials(false)
}

header_filter_by_lua_block {
local cors = require('lib.resty.cors');
cors.run()
}
}
```

API
====

allow_host
---
`syntax: cors.allow_host(host)`

This will match the host from cors request then be added to the header Access-Control-Allow-Origin like as the following:

```bash
Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Origin: http://www.google.com
```

expose_header
---
`syntax: cors.expose_header(header)`

This will be added to the header Access-Control-Expose-Headers like as the following:

```bash
Request:
Origin: https://www.google.com

Response:
Access-Control-Expose-Headers: x-custom-field1,x-custom-field2
```

allow_method
---
`syntax: cors.allow_method(method)`

This will be added to the header Access-Control-Allow-Methods like as the following:

```bash
Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Methods:GET,POST,PUT
```

allow_header
---
`syntax: cors.allow_header(header)`

This will be added to the header Access-Control-Allow-Headers like as the following:

```bash
Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Headers:x-custom-field1,x-custom-field2
```

max_age
---
`syntax: cors.max_age(age)`

This will be added to the header Access-Control-Max-Age like as the following:

```bash
Request:
Origin: https://www.google.com

Response:
Access-Control-Max-Age: 7200
```

Allow-Credentials
---
`syntax: cors.allow_credentials(true or false)`

This will be added to the header Access-Control-Allow-Credentials like as the following:

```bash
Request:
Origin: https://www.google.com

Response:
Access-Control-Allow-Credentials: true
```

run
---
`syntax: cors.run()`

This is the entry for lua-resty-cors to run

Contributing
------------

To contribute to lua-resty-cors, clone this repo locally and commit your code on a separate branch.

PS: PR Welcome :rocket: :rocket: :rocket: :rocket:

Author
------

> GitHub [@detailyang](https://github.com/detailyang)

License
-------
lua-resty-cors is licensed under the [MIT] license.

[MIT]: https://github.com/detailyang/ybw/blob/master/licenses/MIT