|
@@ -2059,6 +2059,7 @@ enum {
|
|
|
ACCESS_CONTROL_ALLOW_ORIGIN,
|
|
ACCESS_CONTROL_ALLOW_ORIGIN,
|
|
|
ACCESS_CONTROL_ALLOW_METHODS,
|
|
ACCESS_CONTROL_ALLOW_METHODS,
|
|
|
ACCESS_CONTROL_ALLOW_HEADERS,
|
|
ACCESS_CONTROL_ALLOW_HEADERS,
|
|
|
|
|
+ ACCESS_CONTROL_EXPOSE_HEADERS,
|
|
|
ACCESS_CONTROL_ALLOW_CREDENTIALS,
|
|
ACCESS_CONTROL_ALLOW_CREDENTIALS,
|
|
|
ERROR_PAGES,
|
|
ERROR_PAGES,
|
|
|
#if !defined(NO_CACHING)
|
|
#if !defined(NO_CACHING)
|
|
@@ -2223,6 +2224,7 @@ static const struct mg_option config_options[] = {
|
|
|
{"access_control_allow_origin", MG_CONFIG_TYPE_STRING, "*"},
|
|
{"access_control_allow_origin", MG_CONFIG_TYPE_STRING, "*"},
|
|
|
{"access_control_allow_methods", MG_CONFIG_TYPE_STRING, "*"},
|
|
{"access_control_allow_methods", MG_CONFIG_TYPE_STRING, "*"},
|
|
|
{"access_control_allow_headers", MG_CONFIG_TYPE_STRING, "*"},
|
|
{"access_control_allow_headers", MG_CONFIG_TYPE_STRING, "*"},
|
|
|
|
|
+ {"access_control_expose_headers", MG_CONFIG_TYPE_STRING, ""},
|
|
|
{"access_control_allow_credentials", MG_CONFIG_TYPE_STRING, ""},
|
|
{"access_control_allow_credentials", MG_CONFIG_TYPE_STRING, ""},
|
|
|
{"error_pages", MG_CONFIG_TYPE_DIRECTORY, NULL},
|
|
{"error_pages", MG_CONFIG_TYPE_DIRECTORY, NULL},
|
|
|
#if !defined(NO_CACHING)
|
|
#if !defined(NO_CACHING)
|
|
@@ -4218,6 +4220,15 @@ send_cors_header(struct mg_connection *conn)
|
|
|
-1);
|
|
-1);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ const char *cors_exphdr_cfg =
|
|
|
|
|
+ conn->dom_ctx->config[ACCESS_CONTROL_EXPOSE_HEADERS];
|
|
|
|
|
+ if (cors_exphdr_cfg && *cors_exphdr_cfg) {
|
|
|
|
|
+ mg_response_header_add(conn,
|
|
|
|
|
+ "Access-Control-Expose-Headers",
|
|
|
|
|
+ cors_exphdr_cfg,
|
|
|
|
|
+ -1);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
const char *cors_meth_cfg =
|
|
const char *cors_meth_cfg =
|
|
|
conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_METHODS];
|
|
conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_METHODS];
|
|
|
if (cors_meth_cfg && *cors_meth_cfg) {
|
|
if (cors_meth_cfg && *cors_meth_cfg) {
|
|
@@ -15026,12 +15037,21 @@ handle_request(struct mg_connection *conn)
|
|
|
|
|
|
|
|
const char *cors_cred_cfg =
|
|
const char *cors_cred_cfg =
|
|
|
conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_CREDENTIALS];
|
|
conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_CREDENTIALS];
|
|
|
- if (cors_cred_cfg && *cors_cred_cfg)
|
|
|
|
|
|
|
+ if (cors_cred_cfg && *cors_cred_cfg) {
|
|
|
mg_printf(conn,
|
|
mg_printf(conn,
|
|
|
"Access-Control-Allow-Credentials: %s\r\n",
|
|
"Access-Control-Allow-Credentials: %s\r\n",
|
|
|
cors_cred_cfg);
|
|
cors_cred_cfg);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ const char *cors_exphdr_cfg =
|
|
|
|
|
+ conn->dom_ctx->config[ACCESS_CONTROL_EXPOSE_HEADERS];
|
|
|
|
|
+ if (cors_exphdr_cfg && *cors_exphdr_cfg) {
|
|
|
|
|
+ mg_printf(conn,
|
|
|
|
|
+ "Access-Control-Expose-Headers: %s\r\n",
|
|
|
|
|
+ cors_exphdr_cfg);
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
- if (cors_acrh != NULL) {
|
|
|
|
|
|
|
+ if (cors_acrh || (cors_cred_cfg && *cors_cred_cfg)) {
|
|
|
/* CORS request is asking for additional headers */
|
|
/* CORS request is asking for additional headers */
|
|
|
const char *cors_hdr_cfg =
|
|
const char *cors_hdr_cfg =
|
|
|
conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_HEADERS];
|
|
conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_HEADERS];
|
Sergey Linev