refactor the algorithm for testing the cors
while here: - send cors headers even if the status is 404 - add: access_control_expose_headers config option - list of additional headers sent in Access-Control-Expose-Headers - add: access_control_allow_credentials config option - if true return Access-Control-Allow-Credentials header equal "true"
This commit is contained in:
@@ -1531,37 +1531,10 @@ void Request::PrepareSessionCookie()
|
||||
}
|
||||
|
||||
|
||||
// preflight request are tested in function->MakeOption()
|
||||
void Request::CheckCorsHeaders()
|
||||
{
|
||||
pt::Space * origin = headers_in.get_space_nc(L"Origin");
|
||||
|
||||
if( origin && origin->is_wstr() && function )
|
||||
{
|
||||
if( !out_headers.has_key(Header::access_control_allow_origin) )
|
||||
{
|
||||
if( function->IsCorsOriginAvailable(*origin->get_wstr()) )
|
||||
{
|
||||
function->AddAccessControlAllowOriginHeader(*origin->get_wstr());
|
||||
}
|
||||
}
|
||||
|
||||
if( !out_headers.has_key(Header::access_control_allow_credentials) )
|
||||
{
|
||||
if( function->AreCorsCredentialsAvailable() )
|
||||
{
|
||||
function->AddAccessControlAllowCredentialsHeader();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
void Request::PrepareHeaders(bool compressing, int compress_encoding, size_t output_size)
|
||||
{
|
||||
PrepareSessionCookie();
|
||||
CheckCorsHeaders();
|
||||
|
||||
if( send_as_attachment )
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user