feature: added support CORS for /apisix/admin. (#982)

2024-11-30 11:07:59 +08:00 · 2019-12-24 14:44:42 +08:00 · 2019-12-24 14:44:42 +08:00 · eff1ca78e9
commit eff1ca78e9
parent 051baded1f
3 changed files with 29 additions and 1 deletions
--- a/bin/apisix
+++ b/bin/apisix
@ -222,13 +222,14 @@ http {
    server {
        listen {* port_admin *};

-        location /apisix/admin/ {
+        location /apisix/admin {
            {%if allow_admin then%}
                {% for _, allow_ip in ipairs(allow_admin) do %}
                allow {*allow_ip*};
                {% end %}
                deny all;
            {%end%}
+
            content_by_lua_block {
                apisix.http_admin()
            }
--- a/conf/config.yaml
+++ b/conf/config.yaml
@ -18,6 +18,7 @@ apisix:
  node_listen: 9080              # APISIX listening port
  enable_heartbeat: true
  enable_admin: true
+  enable_admin_cors: true         # Admin API support CORS response headers.
  enable_debug: false
  enable_dev_mode: false          # Sets nginx worker_processes to 1 if set to true
  enable_ipv6: true
--- a/lua/apisix.lua
+++ b/lua/apisix.lua
@ -446,6 +446,29 @@ function _M.http_balancer_phase()
    load_balancer(api_ctx.matched_route, api_ctx)
 end

+local function cors_admin()
+    local local_conf = core.config.local_conf()
+    if local_conf.apisix and not local_conf.apisix.enable_admin_cors then
+        return
+    end
+
+    local method = get_method()
+    if method == "OPTIONS" then
+        core.response.set_header("Access-Control-Allow-Origin", "*",
+                                "Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH",
+                                "Access-Control-Max-Age", "3600",
+                                "Access-Control-Allow-Headers", "*",
+                                "Access-Control-Allow-Credentials", "true",
+                                "Content-Length", "0",
+                                "Content-Type", "text/plain")
+        ngx_exit(200)
+    end
+
+    core.response.set_header("Access-Control-Allow-Origin", "*",
+                            "Access-Control-Allow-Credentials", "true",
+                            "Access-Control-Expose-Headers", "*",
+                            "Access-Control-Max-Age", "3600")
+end

 do
    local router
@ -455,6 +478,9 @@ function _M.http_admin()
        router = admin_init.get()
    end

+    -- add cors rsp header
+    cors_admin()
+
    -- core.log.info("uri: ", get_var("uri"), " method: ", get_method())
    local ok = router:dispatch(get_var("uri"), {method = get_method()})
    if not ok then