feature: added support CORS for /apisix/admin. (#982)

apache · Dec 24, 2019 · eff1ca7 · eff1ca7
1 parent 051bade
commit eff1ca7
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 1 deletion.
diff --git a/bin/apisix b/bin/apisix
@@ -222,13 +222,14 @@ http {
     server {
         listen {* port_admin *};
 
-        location /apisix/admin/ {
+        location /apisix/admin {
             {%if allow_admin then%}
                 {% for _, allow_ip in ipairs(allow_admin) do %}
                 allow {*allow_ip*};
                 {% end %}
                 deny all;
             {%end%}
+
             content_by_lua_block {
                 apisix.http_admin()
             }

diff --git a/conf/config.yaml b/conf/config.yaml
@@ -18,6 +18,7 @@ apisix:
   node_listen: 9080              # APISIX listening port
   enable_heartbeat: true
   enable_admin: true
+  enable_admin_cors: true         # Admin API support CORS response headers.
   enable_debug: false
   enable_dev_mode: false          # Sets nginx worker_processes to 1 if set to true
   enable_ipv6: true

diff --git a/lua/apisix.lua b/lua/apisix.lua
@@ -446,6 +446,29 @@ function _M.http_balancer_phase()
     load_balancer(api_ctx.matched_route, api_ctx)
 end
 
+local function cors_admin()
+    local local_conf = core.config.local_conf()
+    if local_conf.apisix and not local_conf.apisix.enable_admin_cors then
+        return
+    end
+
+    local method = get_method()
+    if method == "OPTIONS" then
+        core.response.set_header("Access-Control-Allow-Origin", "*",
+                                "Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH",
+                                "Access-Control-Max-Age", "3600",
+                                "Access-Control-Allow-Headers", "*",
+                                "Access-Control-Allow-Credentials", "true",
+                                "Content-Length", "0",
+                                "Content-Type", "text/plain")
+        ngx_exit(200)
+    end
+
+    core.response.set_header("Access-Control-Allow-Origin", "*",
+                            "Access-Control-Allow-Credentials", "true",
+                            "Access-Control-Expose-Headers", "*",
+                            "Access-Control-Max-Age", "3600")
+end
 
 do
     local router
@@ -455,6 +478,9 @@ function _M.http_admin()
         router = admin_init.get()
     end
 
+    -- add cors rsp header
+    cors_admin()
+
     -- core.log.info("uri: ", get_var("uri"), " method: ", get_method())
     local ok = router:dispatch(get_var("uri"), {method = get_method()})
     if not ok then