refactor the algorithm for testing the cors

while here:
- send cors headers even if the status is 404
- add: access_control_expose_headers config option - list of additional headers sent in Access-Control-Expose-Headers
- add: access_control_allow_credentials config option - if true return Access-Control-Allow-Credentials header equal "true"

winixd/core/app.cpp

@@ -654,8 +654,6 @@ void App::MakeRenameMeToABetterName()
 
 
 	////////////////////////
-
-
 	cur.request->PrepareAnswerType();
 
 	if( cur.session->ip_ban && cur.session->ip_ban->IsIPBanned() )
@@ -669,6 +667,11 @@ void App::MakeRenameMeToABetterName()
 		cur.request->http_status = Header::status_403_forbidden;
 	}
 
+	if( cur.request->function )
+	{
+		cur.request->function->CheckOriginHeader();
+	}
+
 	// cur.request->status can be changed by function_parser
 	if( cur.request->status == WINIX_ERR_OK && cur.request->http_status == Header::status_200_ok )
 		plugin.Call(WINIX_PREPARE_REQUEST);
@@ -687,7 +690,9 @@ void App::MakeRenameMeToABetterName()
 
 	AddDefaultModels();
 
-	if( cur.request->status == WINIX_ERR_OK && cur.request->http_status == Header::status_200_ok )
+	// what about 204 No Content from preflight requests? should we make MakeOptions()?
+	if( (cur.request->status == WINIX_ERR_OK && cur.request->http_status == Header::status_200_ok) ||
+		(cur.request->method == Request::Method::options && cur.request->http_status == Header::status_204_no_content))
 		functions.MakeFunction();
 
 	if( cur.request->run_state == Request::RunState::normal_run )