Menu
▾
▴
Re: [Erlyaws-list] Access-Control-Allow-Origin
|
From: Christopher F. <chr...@ca...> - 2012-11-15 14:55:35
|
On 14/11/2012 22:42, Ian wrote:
> On most of my sites, the dynamic content comes from the www. subdomain
> while the static content is served from (cookieless) static. subdomain
> but this is effectively cross-site and can cause problems for certain
> file types if Access-Control-Allow-Origin headers are not set.
>
> I'm achieving it under Apache with the following in the .htaccess file:
>
> <FilesMatch "\.(eot|woff|ttf|svg)$">
> <IfModule mod_headers.c>
> SetEnvIf Origin
> "^http(s)?://(.+\.)?(domain\.tld|domain\.tld\.local)$" origin_is=$0
> Header set Access-Control-Allow-Origin %{origin_is}e env=origin_is
> </IfModule>
> </FilesMatch>
>
> Can anyone tell me how this is to be done under YAWS?
>
You could achieve this using an appmod on '/' that will proxify all your
calls:
-module(my_appmod).
-export([out/1]).
out(Arg) ->
{abs_path, Path} = yaws_api:http_request_path(yaws_api:arg_req(Arg)),
Hdrs = yaws_api:arg_headers(Arg),
case yaws_api:get_header(Hdrs, "Origin") of
undefined ->
{page, Path};
Origin ->
RE = "^http(s)?://(.+\.)?(domain\.tld|domain\.tld\.local)$",
case re:run(Origin, RE, [{capture, none}]) of
match ->
Opts = [{header, {"Access-Control-Allow-Origin",
Origin}}],
{page, {Opts, Path}};
nomatch ->
{page, Path}
end
end.
Then by adding following line in your vhost configuration, this will do
what you want:
<server www.domain.tld>
...
appmods = </, my_appmod>
...
</server>
Note: If you use this method, you can have only one appmod.
--
Christopher
|