|
|
@@ -2059,6 +2059,7 @@ enum {
|
|
|
ACCESS_CONTROL_ALLOW_ORIGIN,
|
|
|
ACCESS_CONTROL_ALLOW_METHODS,
|
|
|
ACCESS_CONTROL_ALLOW_HEADERS,
|
|
|
+ ACCESS_CONTROL_ALLOW_CREDENTIALS,
|
|
|
ERROR_PAGES,
|
|
|
#if !defined(NO_CACHING)
|
|
|
STATIC_FILE_MAX_AGE,
|
|
|
@@ -2222,6 +2223,7 @@ static const struct mg_option config_options[] = {
|
|
|
{"access_control_allow_origin", MG_CONFIG_TYPE_STRING, "*"},
|
|
|
{"access_control_allow_methods", MG_CONFIG_TYPE_STRING, "*"},
|
|
|
{"access_control_allow_headers", MG_CONFIG_TYPE_STRING, "*"},
|
|
|
+ {"access_control_allow_credentials", MG_CONFIG_TYPE_STRING, ""},
|
|
|
{"error_pages", MG_CONFIG_TYPE_DIRECTORY, NULL},
|
|
|
#if !defined(NO_CACHING)
|
|
|
{"static_file_max_age", MG_CONFIG_TYPE_NUMBER, "3600"},
|
|
|
@@ -4195,6 +4197,18 @@ send_cors_header(struct mg_connection *conn)
|
|
|
cors_orig_cfg,
|
|
|
-1);
|
|
|
}
|
|
|
+
|
|
|
+ const char *cors_cred_cfg =
|
|
|
+ conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_CREDENTIALS];
|
|
|
+ if (cors_cred_cfg && *cors_cred_cfg && origin_hdr && *origin_hdr) {
|
|
|
+ /* Cross-origin resource sharing (CORS), see
|
|
|
+ * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials */
|
|
|
+ mg_response_header_add(conn,
|
|
|
+ "Access-Control-Allow-Credentials",
|
|
|
+ cors_cred_cfg,
|
|
|
+ -1);
|
|
|
+ }
|
|
|
+
|
|
|
}
|
|
|
|
|
|
|
Sergey Linev