diff options
| -rw-r--r-- | plugins/mod_http.lua | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/plugins/mod_http.lua b/plugins/mod_http.lua index 493bec25..b50755df 100644 --- a/plugins/mod_http.lua +++ b/plugins/mod_http.lua @@ -17,6 +17,7 @@ local url_parse = require "socket.url".parse; local url_build = require "socket.url".build; local normalize_path = require "prosody.util.http".normalize_path; local set = require "prosody.util.set"; +local array = require "util.array"; local ip_util = require "prosody.util.ip"; local new_ip = ip_util.new_ip; @@ -112,12 +113,16 @@ function moduleapi.http_url(module, app_name, default_path) return "http://disabled.invalid/"; end +local function header_set_tostring(header_value) + return array(pairs(header_value._items)):concat(", "); +end + local function apply_cors_headers(response, methods, headers, max_age, allow_credentials, allowed_origins, origin) if allowed_origins and not allowed_origins[origin] then return; end - response.headers.access_control_allow_methods = tostring(methods); - response.headers.access_control_allow_headers = tostring(headers); + response.headers.access_control_allow_methods = header_set_tostring(methods); + response.headers.access_control_allow_headers = header_set_tostring(headers); response.headers.access_control_max_age = tostring(max_age) response.headers.access_control_allow_origin = origin or "*"; if allow_credentials then |