diff options
author | Daniel Risacher <dan@risacher.org> | 2019-05-24 12:39:54 -0400 |
---|---|---|
committer | Daniel Risacher <dan@risacher.org> | 2019-05-24 12:39:54 -0400 |
commit | cb00cfc1b7749dd4af37b073eb97111e8b022129 (patch) | |
tree | 613d23ad3fb4ce2d30af179ff9557b15d97d9f37 | |
parent | d83cb75f95e94524e1117111ca0dd063021cf3b8 (diff) | |
download | wekan-cb00cfc1b7749dd4af37b073eb97111e8b022129.tar.gz wekan-cb00cfc1b7749dd4af37b073eb97111e8b022129.tar.bz2 wekan-cb00cfc1b7749dd4af37b073eb97111e8b022129.zip |
Add support for more CORS headers
-rw-r--r-- | docker-compose.yml | 4 | ||||
-rw-r--r-- | server/cors.js | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/docker-compose.yml b/docker-compose.yml index aaeb47b0..8de443ab 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -239,6 +239,10 @@ services: # ==== CORS ===== # CORS: Set Access-Control-Allow-Origin header. #- CORS=* + # CORS_ALLOW_HEADERS: Set Access-Control-Allow-Headers header. "Authorization,Content-Type" is required for cross-origin use of the API. + #- CORS_ALLOW_HEADERS=Authorization,Content-Type + # CORS_EXPOSE_HEADERS: Set Access-Control-Expose-Headers header. This is not needed for typical CORS situations + #- CORS_EXPOSE_HEADERS=* #----------------------------------------------------------------- # ==== MATOMO INTEGRATION ==== # Optional: Integration with Matomo https://matomo.org that is installed to your server diff --git a/server/cors.js b/server/cors.js index 80369a83..0db38d9b 100644 --- a/server/cors.js +++ b/server/cors.js @@ -7,5 +7,17 @@ Meteor.startup(() => { return next(); }); } + if ( process.env.CORS_ALLOW_HEADERS ) { + WebApp.rawConnectHandlers.use(function(req, res, next) { + res.setHeader('Access-Control-Allow-Headers', process.env.CORS_ALLOW_HEADERS); + return next(); + }); + } + if ( process.env.CORS_EXPOSE_HEADERS ) { + WebApp.rawConnectHandlers.use(function(req, res, next) { + res.setHeader('Access-Control-Expose-Headers', process.env.CORS_EXPOSE_HEADERS); + return next(); + }); + } }); |