|
|
@@ -4235,15 +4235,17 @@ send_cors_header(struct mg_connection *conn)
|
|
|
conn->dom_ctx->config[ACCESS_CONTROL_EXPOSE_HEADERS];
|
|
|
const char *cors_meth_cfg =
|
|
|
conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_METHODS];
|
|
|
+ const char *cors_repl_asterisk_with_orig_cfg =
|
|
|
+ conn->dom_ctx->config[REPLACE_ASTERISK_WITH_ORIGIN];
|
|
|
|
|
|
- if (cors_orig_cfg && *cors_orig_cfg && origin_hdr && *origin_hdr) {
|
|
|
- int cors_repl_asterisk_with_orig_cfg = mg_strcasecmp(conn->dom_ctx->config[REPLACE_ASTERISK_WITH_ORIGIN], "yes");
|
|
|
+ if (cors_orig_cfg && *cors_orig_cfg && origin_hdr && *origin_hdr && cors_repl_asterisk_with_orig_cfg && *cors_repl_asterisk_with_orig_cfg) {
|
|
|
+ int cors_repl_asterisk_with_orig = mg_strcasecmp(cors_repl_asterisk_with_orig_cfg, "yes");
|
|
|
|
|
|
/* Cross-origin resource sharing (CORS), see
|
|
|
* http://www.html5rocks.com/en/tutorials/cors/,
|
|
|
* http://www.html5rocks.com/static/images/cors_server_flowchart.png
|
|
|
* CORS preflight is not supported for files. */
|
|
|
- if (cors_repl_asterisk_with_orig_cfg == 0 && cors_orig_cfg[0] == '*') {
|
|
|
+ if (cors_repl_asterisk_with_orig == 0 && cors_orig_cfg[0] == '*') {
|
|
|
mg_response_header_add(conn,
|
|
|
"Access-Control-Allow-Origin",
|
|
|
origin_hdr,
|
|
|
@@ -15169,13 +15171,17 @@ handle_request(struct mg_connection *conn)
|
|
|
const char *cors_acrm = get_header(ri->http_headers,
|
|
|
ri->num_headers,
|
|
|
"Access-Control-Request-Method");
|
|
|
+ const char *cors_repl_asterisk_with_orig_cfg =
|
|
|
+ conn->dom_ctx->config[REPLACE_ASTERISK_WITH_ORIGIN];
|
|
|
+
|
|
|
/* Todo: check if cors_origin is in cors_orig_cfg.
|
|
|
* Or, let the client check this. */
|
|
|
|
|
|
if ((cors_meth_cfg != NULL) && (*cors_meth_cfg != 0)
|
|
|
&& (cors_orig_cfg != NULL) && (*cors_orig_cfg != 0)
|
|
|
- && (cors_origin != NULL) && (cors_acrm != NULL)) {
|
|
|
- int cors_repl_asterisk_with_orig_cfg = mg_strcasecmp(conn->dom_ctx->config[REPLACE_ASTERISK_WITH_ORIGIN], "yes");
|
|
|
+ && (cors_origin != NULL) && (cors_acrm != NULL)
|
|
|
+ && (cors_repl_asterisk_with_orig_cfg != NULL) && (*cors_repl_asterisk_with_orig_cfg != 0)) {
|
|
|
+ int cors_repl_asterisk_with_orig = mg_strcasecmp(cors_repl_asterisk_with_orig_cfg, "yes");
|
|
|
|
|
|
/* This is a valid CORS preflight, and the server is configured
|
|
|
* to handle it automatically. */
|
|
|
@@ -15197,7 +15203,7 @@ handle_request(struct mg_connection *conn)
|
|
|
"Content-Length: 0\r\n"
|
|
|
"Connection: %s\r\n",
|
|
|
date,
|
|
|
- (cors_repl_asterisk_with_orig_cfg == 0 && cors_orig_cfg[0] == '*') ? cors_origin : cors_orig_cfg,
|
|
|
+ (cors_repl_asterisk_with_orig == 0 && cors_orig_cfg[0] == '*') ? cors_origin : cors_orig_cfg,
|
|
|
((cors_meth_cfg[0] == '*') ? cors_acrm : cors_meth_cfg),
|
|
|
suggest_connection_header(conn));
|
|
|
|
Marcel F.