From 04164ff9674cc3a6a55fa111f42c2cfb659c7840 Mon Sep 17 00:00:00 2001
From: Tomasz Sowa <t.sowa@ttmath.org>
Date: Wed, 7 Sep 2022 15:25:48 +0200
Subject: [PATCH] add Access-Control-Allow-Credentials for simple requests too

---
 winixd/core/request.cpp | 22 +++++++++++++++++-----
 winixd/core/request.h   |  2 +-
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/winixd/core/request.cpp b/winixd/core/request.cpp
index 326507f..fd20fbe 100644
--- a/winixd/core/request.cpp
+++ b/winixd/core/request.cpp
@@ -1531,15 +1531,27 @@ void Request::PrepareSessionCookie()
 }
 
 
-void Request::CheckOriginHeader()
+// preflight request are tested in function->MakeOption()
+void Request::CheckCorsHeaders()
 {
 	pt::Space * origin = headers_in.get_space_nc(L"Origin");
 
-	if( origin && origin->is_wstr() && !out_headers.has_key(Header::access_control_allow_origin) )
+	if( origin && origin->is_wstr() && function )
 	{
-		if( function && function->IsCorsOriginAvailable(*origin->get_wstr()) )
+		if( !out_headers.has_key(Header::access_control_allow_origin) )
 		{
-			function->AddAccessControlAllowOriginHeader(*origin->get_wstr());
+			if( function->IsCorsOriginAvailable(*origin->get_wstr()) )
+			{
+				function->AddAccessControlAllowOriginHeader(*origin->get_wstr());
+			}
+		}
+
+		if( !out_headers.has_key(Header::access_control_allow_credentials) )
+		{
+			if( function->AreCorsCredentialsAvailable() )
+			{
+				function->AddAccessControlAllowCredentialsHeader();
+			}
 		}
 	}
 }
@@ -1549,7 +1561,7 @@ void Request::CheckOriginHeader()
 void Request::PrepareHeaders(bool compressing, int compress_encoding, size_t output_size)
 {
 	PrepareSessionCookie();
-	CheckOriginHeader();
+	CheckCorsHeaders();
 
 	if( send_as_attachment )
 	{
diff --git a/winixd/core/request.h b/winixd/core/request.h
index d246ca2..df38608 100644
--- a/winixd/core/request.h
+++ b/winixd/core/request.h
@@ -595,7 +595,7 @@ private:
 	int SelectDeflateVersion();
 	void SelectCompression(size_t source_len, bool & compression_allowed, int & compression_encoding);
 	void PrepareSessionCookie();
-	void CheckOriginHeader();
+	void CheckCorsHeaders();
 	void PrepareHeaders(bool compressing, int compress_encoding, size_t output_size);
 	void ModifyStatusForRedirect();
 	void PrepareSendFileHeaderForStaticMountpoint();