# HG changeset patch
# User Waqas Hussain <waqas20@gmail.com>
# Date 1545989888 18000
# Node ID f09fe6c16e1071f0588a44964350246a1460e263
# Parent  b35dc87ebff0d819bad2c13481cbbc83bbc3d80f
Allow CORS for /run end-point

diff -r b35dc87ebff0 -r f09fe6c16e10 scansion/serve.lua
--- a/scansion/serve.lua	Fri Dec 28 04:35:51 2018 -0500
+++ b/scansion/serve.lua	Fri Dec 28 04:38:08 2018 -0500
@@ -10,6 +10,15 @@
 	return "Hello world";
 end
 
+local function set_cross_domain_headers(response, origin)
+	local headers = response.headers;
+	headers.access_control_allow_methods = "GET, POST, OPTIONS";
+	headers.access_control_allow_headers = "Content-Type";
+	headers.access_control_max_age = "7200";
+	headers.access_control_allow_origin = origin;
+	return response;
+end
+
 local function run(config, run_script)
 	function handle_run_request(event)
 		local request, response = event.request, event.response;
@@ -33,6 +42,7 @@
 		response.status_code = 201;
 		response.headers.connection = "close";
 		response.headers.transfer_encoding = "chunked";
+		set_cross_domain_headers(response, config.origin); -- Let browser JS see the response
 		response.conn:send(table.concat(http_server.prepare_header(response)));
 
 		local ok, ret = pcall(run_script, "web", event.request.body, log);