add config options for testing the Origin header in cors requests
- allow_all_cors_origins - whether or not to allow all origins - allowed_cors_origins - a list of allowed origins (used if allow_all_cors_origins is false)
This commit is contained in:
@@ -1536,10 +1536,25 @@ void Request::PrepareSessionCookie()
|
||||
}
|
||||
|
||||
|
||||
void Request::CheckOriginHeader()
|
||||
{
|
||||
pt::Space * origin = headers_in.get_space_nc(L"Origin");
|
||||
|
||||
if( origin && origin->is_wstr() && !out_headers.has_key(Header::access_control_allow_origin) )
|
||||
{
|
||||
if( function && function->IsCorsOriginAvailable(*origin->get_wstr()) )
|
||||
{
|
||||
function->AddAccessControlAllowOriginHeader(*origin->get_wstr());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
void Request::PrepareHeaders(bool compressing, int compress_encoding, size_t output_size)
|
||||
{
|
||||
PrepareSessionCookie();
|
||||
CheckOriginHeader();
|
||||
|
||||
if( send_as_attachment )
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user