2 năm trước cách đây · d04032cc0b
--- a/src/civetweb.c
+++ b/src/civetweb.c
@@ -2059,6 +2059,7 @@ enum {
 
				 	ACCESS_CONTROL_ALLOW_ORIGIN,
			
 
				 	ACCESS_CONTROL_ALLOW_METHODS,
			
 
				 	ACCESS_CONTROL_ALLOW_HEADERS,
			
 
				+	ACCESS_CONTROL_EXPOSE_HEADERS,
			
 
				 	ACCESS_CONTROL_ALLOW_CREDENTIALS,
			
 
				 	ERROR_PAGES,
			
 
				 #if !defined(NO_CACHING)
			
@@ -2223,6 +2224,7 @@ static const struct mg_option config_options[] = {
 
				     {"access_control_allow_origin", MG_CONFIG_TYPE_STRING, "*"},
			
 
				     {"access_control_allow_methods", MG_CONFIG_TYPE_STRING, "*"},
			
 
				     {"access_control_allow_headers", MG_CONFIG_TYPE_STRING, "*"},
			
 
				+    {"access_control_expose_headers", MG_CONFIG_TYPE_STRING, ""},
			
 
				     {"access_control_allow_credentials", MG_CONFIG_TYPE_STRING, ""},
			
 
				     {"error_pages", MG_CONFIG_TYPE_DIRECTORY, NULL},
			
 
				 #if !defined(NO_CACHING)
			
@@ -4218,6 +4220,15 @@ send_cors_header(struct mg_connection *conn)
 
				 	                          -1);
			
 
				 	}
			
 
				 
			
 
				+	const char *cors_exphdr_cfg =
			
 
				+	      conn->dom_ctx->config[ACCESS_CONTROL_EXPOSE_HEADERS];
			
 
				+	if (cors_exphdr_cfg && *cors_exphdr_cfg) {
			
 
				+	   mg_response_header_add(conn,
			
 
				+	                          "Access-Control-Expose-Headers",
			
 
				+	                          cors_exphdr_cfg,
			
 
				+	                          -1);
			
 
				+	}
			
 
				+
			
 
				 	const char *cors_meth_cfg =
			
 
				 	      conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_METHODS];
			
 
				 	if (cors_meth_cfg && *cors_meth_cfg) {
			
@@ -15026,12 +15037,21 @@ handle_request(struct mg_connection *conn)
 
				 
			
 
				 			const char *cors_cred_cfg =
			
 
				 			      conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_CREDENTIALS];
			
 
				-			if (cors_cred_cfg && *cors_cred_cfg)
			
 
				+			if (cors_cred_cfg && *cors_cred_cfg) {
			
 
				 			   mg_printf(conn,
			
 
				 			             "Access-Control-Allow-Credentials: %s\r\n",
			
 
				 			             cors_cred_cfg);
			
 
				+			}
			
 
				+
			
 
				+			const char *cors_exphdr_cfg =
			
 
				+			      conn->dom_ctx->config[ACCESS_CONTROL_EXPOSE_HEADERS];
			
 
				+			if (cors_exphdr_cfg && *cors_exphdr_cfg) {
			
 
				+			   mg_printf(conn,
			
 
				+			             "Access-Control-Expose-Headers: %s\r\n",
			
 
				+			             cors_exphdr_cfg);
			
 
				+			}
			
 
				 
			
 
				-			if (cors_acrh != NULL) {
			
 
				+			if (cors_acrh || (cors_cred_cfg && *cors_cred_cfg)) {
			
 
				 				/* CORS request is asking for additional headers */
			
 
				 				const char *cors_hdr_cfg =
			
 
				 				    conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_HEADERS];