From 9f64692edece8076eeca2e8af71a989a08feaeb0 Mon Sep 17 00:00:00 2001 From: Tomasz Sowa Date: Wed, 7 Sep 2022 14:46:29 +0200 Subject: [PATCH] set Access-Control-Allow-Credentials if available --- winixd/core/header.h | 9 +++++---- winixd/functions/functionbase.cpp | 18 ++++++++++++++++++ winixd/functions/functionbase.h | 2 ++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/winixd/core/header.h b/winixd/core/header.h index 023f59c..e59b690 100644 --- a/winixd/core/header.h +++ b/winixd/core/header.h @@ -54,10 +54,11 @@ public: static constexpr const wchar_t * accept_language = L"Accept-Language"; static constexpr const wchar_t * authorization = L"Authorization"; static constexpr const wchar_t * allow = L"Allow"; - static constexpr const wchar_t * access_control_allow_methods = L"Access-Control-Allow-Methods"; - static constexpr const wchar_t * access_control_allow_origin = L"Access-Control-Allow-Origin"; - static constexpr const wchar_t * access_control_allow_headers = L"Access-Control-Allow-Headers"; - static constexpr const wchar_t * access_control_max_age = L"Access-Control-Max-Age"; + static constexpr const wchar_t * access_control_allow_methods = L"Access-Control-Allow-Methods"; + static constexpr const wchar_t * access_control_allow_origin = L"Access-Control-Allow-Origin"; + static constexpr const wchar_t * access_control_allow_headers = L"Access-Control-Allow-Headers"; + static constexpr const wchar_t * access_control_allow_credentials = L"Access-Control-Allow-Credentials"; + static constexpr const wchar_t * access_control_max_age = L"Access-Control-Max-Age"; /* * headers' names lower case diff --git a/winixd/functions/functionbase.cpp b/winixd/functions/functionbase.cpp index 975c4bc..63d32ea 100644 --- a/winixd/functions/functionbase.cpp +++ b/winixd/functions/functionbase.cpp @@ -170,6 +170,12 @@ bool FunctionBase::IsCorsOriginAvailable(const std::wstring & origin_url) } +bool FunctionBase::AreCorsCredentialsAvailable() +{ + return true; +} + + bool FunctionBase::AreCorsHeadersAvailable(const std::wstring & headers) { // true by default for all headers @@ -227,6 +233,13 @@ void FunctionBase::AddAccessControlMaxAgeHeader() } +void FunctionBase::AddAccessControlAllowCredentialsHeader() +{ + cur->request->AddHeader(Header::access_control_allow_credentials, L"true"); +} + + + void FunctionBase::MakeGet() { // do nothing by default @@ -293,6 +306,11 @@ void FunctionBase::MakeOptions() AddAccessControlAllowOriginHeader(*cors_origin->get_wstr()); AddAccessControlMaxAgeHeader(); + if( AreCorsCredentialsAvailable() ) + { + AddAccessControlAllowCredentialsHeader(); + } + if( cors_headers && cors_headers->is_wstr() ) { AddAccessControlAllowHeadersHeader(*cors_headers->get_wstr()); diff --git a/winixd/functions/functionbase.h b/winixd/functions/functionbase.h index dec23c8..3da2bf7 100644 --- a/winixd/functions/functionbase.h +++ b/winixd/functions/functionbase.h @@ -113,12 +113,14 @@ public: virtual bool IsCorsMethodAvailable(Request::Method method); virtual bool IsCorsOriginAvailable(const std::wstring & origin_url); + virtual bool AreCorsCredentialsAvailable(); virtual bool AreCorsHeadersAvailable(const std::wstring & headers); virtual void AddAccessControlAllowMethodsHeader(Request::Method method); virtual void AddAccessControlAllowOriginHeader(const std::wstring & origin_url); virtual void AddAccessControlAllowHeadersHeader(const std::wstring & headers); virtual void AddAccessControlMaxAgeHeader(); + virtual void AddAccessControlAllowCredentialsHeader(); virtual void MakeGet();