change how origin header is treated

Now check whether the origin is in allowed_origins table,
and if not check allow_all_origins config parameter.

While here:
- add are_cors_preflight_requests_available - if true then preflight
  requests are available (default false)

2022-09-09 01:01:39 +02:00
parent 05ecac8426
commit 6138497fe0
4 changed files with 76 additions and 51 deletions

@@ -1002,18 +1002,21 @@ public:
// if the limit is reached then the http status 503 Service Unavailable is returned
size_t request_queue_job_limit;
// whether or not all origins are allowed in cors requests
// default: false;
// if false then we check allowed_cors_origins table to check whether the origin is available (origin is sent in Origin header),
// if allow_all_cors_origins is false and allowed_cors_origins is empty then by default we do not allow cors requests
// (but you can still allow it in your function/controller by overriding IsCorsOriginAvailable(...) method)
bool allow_all_cors_origins;
// list of allowed origins in cors requests
// can be set per controller in a method: virtual bool FunctionBase::IsCorsOriginAvailable(const std::wstring & origin_url)
// used only if allow_all_cors_origins is false
// can be set per controller in a method: virtual bool FunctionBase::IsOriginAvailable(const std::wstring & origin_url)
// default: empty
std::vector<std::wstring> allowed_cors_origins;
std::vector<std::wstring> allowed_origins;
// whether or not all origins are allowed if allowed_origins is empty
// default: true
// this is true by default because Origin header is sent not only in cors requests
// (you can still allow it in your function/controller by overriding IsOriginAvailable(...) method)
bool allow_all_origins;
// whether or not cors preflight requests are available
// https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
// default: false
bool are_cors_preflight_requests_available;
// list of additional headers sent in Access-Control-Expose-Headers header
// can be set per controller in a method: virtual void FunctionBase::AddAccessControlExposeHeadersHeader()
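
Review bot: the comment on allow_all_origins says it is consulted "if allowed_origins is empty", but the commit message describes the check as "whether the origin is in allowed_origins table, and if not check allow_all_origins", and these differ once the table is non-empty. With the new default of true, the second reading means a populated allowed_origins list restricts nothing unless allow_all_origins is also set to false. Please state in the comment which behaviour the code implements; if it is the second, either consult allow_all_origins only when the table is empty or document that both settings must be changed together. The comment should also mention that the default flips from the previous allow_all_cors_origins (default: false) to true, so a configuration that relied on an empty allowed_cors_origins to refuse cross-origin requests accepts any Origin after this change. Finally, the "you can still allow it" wording carried over in the note about overriding IsOriginAvailable(...) no longer fits a default that already allows; with this default the override is the place to deny, and the comment should say so.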