1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 |
|
11 |
|
12 |
|
13 |
|
14 |
|
15 |
|
16 |
|
17 |
|
18 |
|
19 | function CorsHandler() {
|
20 |
|
21 | }
|
22 |
|
23 |
|
24 |
|
25 |
|
26 |
|
27 | CorsHandler.prototype.postMapRequest = function(context, callback) {
|
28 |
|
29 | var allowCredentials = true;
|
30 | var allowOrigin = "*";
|
31 | var allowHeaders = "Origin, X-Requested-With, Content-Type, Content-Language, Accept, Accept-Language, Authorization";
|
32 | var allowMethods = "GET, OPTIONS, PUT, POST, PATCH, DELETE";
|
33 | |
34 |
|
35 |
|
36 |
|
37 | var route = context.request.route;
|
38 | if (route) {
|
39 | if (typeof route.allowOrigin !== 'undefined')
|
40 | allowOrigin = route.allowOrigin;
|
41 | if (typeof route.allowHeaders !== 'undefined')
|
42 | allowHeaders = route.allowHeaders;
|
43 | if (typeof route.allowCredentials !== 'undefined')
|
44 | allowCredentials = route.allowCredentials;
|
45 | if ((typeof route.allowMethods !== 'undefined') || (typeof route.allow !== 'undefined'))
|
46 | allowMethods = route.allow || route.allowMethods;
|
47 | }
|
48 |
|
49 | var headerNames = context.response["_headerNames"] || { };
|
50 |
|
51 | if (typeof headerNames["access-control-allow-origin"] === 'undefined') {
|
52 |
|
53 | if (context.request.headers.origin) {
|
54 | if (allowOrigin === "*") {
|
55 |
|
56 | context.response.setHeader("Access-Control-Allow-Origin", context.request.headers.origin);
|
57 | }
|
58 | else if (allowOrigin.indexOf(context.request.headers.origin)>-1) {
|
59 | context.response.setHeader("Access-Control-Allow-Origin", context.request.headers.origin);
|
60 | }
|
61 | }
|
62 | else {
|
63 |
|
64 | context.response.setHeader("Access-Control-Allow-Origin", "*");
|
65 | }
|
66 | }
|
67 |
|
68 | if (typeof headerNames["access-control-allow-credentials"] === 'undefined') {
|
69 | context.response.setHeader("Access-Control-Allow-Credentials", allowCredentials);
|
70 | }
|
71 |
|
72 |
|
73 | if (typeof headerNames["access-control-allow-headers"] === 'undefined') {
|
74 | context.response.setHeader("Access-Control-Allow-Headers", allowHeaders);
|
75 | }
|
76 |
|
77 |
|
78 | if (typeof headerNames["access-control-allow-methods"] === 'undefined') {
|
79 | context.response.setHeader("Access-Control-Allow-Methods", allowMethods);
|
80 | }
|
81 | return callback();
|
82 | };
|
83 |
|
84 | CorsHandler.createInstance = function() {
|
85 | return new CorsHandler();
|
86 | };
|
87 |
|
88 |
|
89 | if (typeof module !== 'undefined') {
|
90 | module.exports.CorsHandler = CorsHandler.CorsHandler;
|
91 | module.exports.createInstance = CorsHandler.createInstance;
|
92 | } |
\ | No newline at end of file |