refactor the algorithm for testing the cors

while here:
- send cors headers even if the status is 404
- add: access_control_expose_headers config option - list of additional headers sent in Access-Control-Expose-Headers
- add: access_control_allow_credentials config option - if true return Access-Control-Allow-Credentials header equal "true"

winixd/core/header.cpp

@@ -69,6 +69,47 @@ void Header::prepare_status_value(int http_status, pt::WTextStream & value, bool
 }
 
 
+bool Header::is_header_value_char_correct(wchar_t c)
+{
+	/*
+	 * make sure to not allow at least \r or \r
+	 */
+	return c > 32 && c < 127;
+}
+
+
+bool Header::is_header_value_correct(const wchar_t * str)
+{
+	for( ; *str ; ++str)
+	{
+		if( !is_header_value_char_correct(*str) )
+		{
+			return false;
+		}
+	}
+
+	return true;
+}
+
+
+bool Header::is_header_value_correct(const std::wstring & str)
+{
+	/*
+	 * dont use is_header_value_correct(str.c_str()) as there can be a null character (0) inside the string
+	 */
+	for(size_t i=0 ; i < str.size() ; ++i)
+	{
+		if( !is_header_value_char_correct(str[i]) )
+		{
+			return false;
+		}
+	}
+
+	return true;
+}
+
+
+
 }