Accueil Explorer Aide
S'inscrire Connexion
PSG
/
civetweb
miroir de https://github.com/civetweb/civetweb.git
5
0
Fork 0
Fichiers Tickets 0 Wiki
Parcourir la source

Merge pull request #1174 from linev/auth_cred

Add support for more CORS headers
bel2125 il y a 2 ans
Parent
042c508a06 d04032cc0b
commit
8fa86ff9c1
1 fichiers modifiés avec 60 ajouts et 1 suppressions
Vue séparée Afficher les stats Diff
  1. 60 1
      src/civetweb.c

+ 60 - 1
src/civetweb.c
Voir le fichier 

@@ -2059,6 +2059,8 @@ enum {
 
 	ACCESS_CONTROL_ALLOW_ORIGIN,
 
 	ACCESS_CONTROL_ALLOW_METHODS,
 
 	ACCESS_CONTROL_ALLOW_HEADERS,
 
+	ACCESS_CONTROL_EXPOSE_HEADERS,
 
+	ACCESS_CONTROL_ALLOW_CREDENTIALS,
 
 	ERROR_PAGES,
 
 #if !defined(NO_CACHING)
 
 	STATIC_FILE_MAX_AGE,
 
@@ -2222,6 +2224,8 @@ static const struct mg_option config_options[] = {
 
     {"access_control_allow_origin", MG_CONFIG_TYPE_STRING, "*"},
 
     {"access_control_allow_methods", MG_CONFIG_TYPE_STRING, "*"},
 
     {"access_control_allow_headers", MG_CONFIG_TYPE_STRING, "*"},
 
+    {"access_control_expose_headers", MG_CONFIG_TYPE_STRING, ""},
 
+    {"access_control_allow_credentials", MG_CONFIG_TYPE_STRING, ""},
 
     {"error_pages", MG_CONFIG_TYPE_DIRECTORY, NULL},
 
 #if !defined(NO_CACHING)
 
     {"static_file_max_age", MG_CONFIG_TYPE_NUMBER, "3600"},
 
@@ -4195,6 +4199,45 @@ send_cors_header(struct mg_connection *conn)
 
 		                       cors_orig_cfg,
 
 		                       -1);
 
 	}
 
+
 
+	const char *cors_cred_cfg =
 
+	    conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_CREDENTIALS];
 
+	if (cors_cred_cfg && *cors_cred_cfg && origin_hdr && *origin_hdr) {
 
+		/* Cross-origin resource sharing (CORS), see
 
+		 * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials */
 
+		mg_response_header_add(conn,
 
+		                       "Access-Control-Allow-Credentials",
 
+		                       cors_cred_cfg,
 
+		                       -1);
 
+	}
 
+
 
+	const char *cors_hdr_cfg =
 
+	    conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_HEADERS];
 
+	if (cors_hdr_cfg && *cors_hdr_cfg) {
 
+	   mg_response_header_add(conn,
 
+	                          "Access-Control-Allow-Headers",
 
+	                          cors_hdr_cfg,
 
+	                          -1);
 
+	}
 
+
 
+	const char *cors_exphdr_cfg =
 
+	      conn->dom_ctx->config[ACCESS_CONTROL_EXPOSE_HEADERS];
 
+	if (cors_exphdr_cfg && *cors_exphdr_cfg) {
 
+	   mg_response_header_add(conn,
 
+	                          "Access-Control-Expose-Headers",
 
+	                          cors_exphdr_cfg,
 
+	                          -1);
 
+	}
 
+
 
+	const char *cors_meth_cfg =
 
+	      conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_METHODS];
 
+	if (cors_meth_cfg && *cors_meth_cfg) {
 
+	   mg_response_header_add(conn,
 
+	                          "Access-Control-Allow-Methods",
 
+	                          cors_meth_cfg,
 
+	                          -1);
 
+	}
 
+
 
 }
 
 
 
@@ -14992,7 +15035,23 @@ handle_request(struct mg_connection *conn)
 
 			          ((cors_meth_cfg[0] == '*') ? cors_acrm : cors_meth_cfg),
 
 			          suggest_connection_header(conn));
 
 
-			if (cors_acrh != NULL) {
 
+			const char *cors_cred_cfg =
 
+			      conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_CREDENTIALS];
 
+			if (cors_cred_cfg && *cors_cred_cfg) {
 
+			   mg_printf(conn,
 
+			             "Access-Control-Allow-Credentials: %s\r\n",
 
+			             cors_cred_cfg);
 
+			}
 
+
 
+			const char *cors_exphdr_cfg =
 
+			      conn->dom_ctx->config[ACCESS_CONTROL_EXPOSE_HEADERS];
 
+			if (cors_exphdr_cfg && *cors_exphdr_cfg) {
 
+			   mg_printf(conn,
 
+			             "Access-Control-Expose-Headers: %s\r\n",
 
+			             cors_exphdr_cfg);
 
+			}
 
+
 
+			if (cors_acrh || (cors_cred_cfg && *cors_cred_cfg)) {
 
 				/* CORS request is asking for additional headers */
 
 				const char *cors_hdr_cfg =
 
 				    conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_HEADERS];