|
|
@@ -9563,6 +9563,7 @@ handle_static_file_request(struct mg_connection *conn,
|
|
|
int n, truncated;
|
|
|
char gz_path[PATH_MAX];
|
|
|
const char *encoding = "";
|
|
|
+ const char *cors_orig_cfg;
|
|
|
const char *cors1, *cors2, *cors3;
|
|
|
int is_head_request;
|
|
|
|
|
|
@@ -9683,15 +9684,16 @@ handle_static_file_request(struct mg_connection *conn,
|
|
|
#endif
|
|
|
|
|
|
/* Standard CORS header */
|
|
|
+ cors_orig_cfg = conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_ORIGIN];
|
|
|
hdr = mg_get_header(conn, "Origin");
|
|
|
- if (hdr) {
|
|
|
+ if (cors_orig_cfg && *cors_orig_cfg && hdr) {
|
|
|
/* Cross-origin resource sharing (CORS), see
|
|
|
* http://www.html5rocks.com/en/tutorials/cors/,
|
|
|
* http://www.html5rocks.com/static/images/cors_server_flowchart.png
|
|
|
* -
|
|
|
* preflight is not supported for files. */
|
|
|
cors1 = "Access-Control-Allow-Origin: ";
|
|
|
- cors2 = conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_ORIGIN];
|
|
|
+ cors2 = cors_orig_cfg;
|
|
|
cors3 = "\r\n";
|
|
|
} else {
|
|
|
cors1 = cors2 = cors3 = "";
|
|
|
@@ -11822,16 +11824,18 @@ handle_ssi_file_request(struct mg_connection *conn,
|
|
|
{
|
|
|
char date[64];
|
|
|
time_t curtime = time(NULL);
|
|
|
+ const char *cors_orig_cfg;
|
|
|
const char *cors1, *cors2, *cors3;
|
|
|
|
|
|
if ((conn == NULL) || (path == NULL) || (filep == NULL)) {
|
|
|
return;
|
|
|
}
|
|
|
|
|
|
- if (mg_get_header(conn, "Origin")) {
|
|
|
+ cors_orig_cfg = conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_ORIGIN];
|
|
|
+ if (cors_orig_cfg && *cors_orig_cfg && mg_get_header(conn, "Origin")) {
|
|
|
/* Cross-origin resource sharing (CORS). */
|
|
|
cors1 = "Access-Control-Allow-Origin: ";
|
|
|
- cors2 = conn->dom_ctx->config[ACCESS_CONTROL_ALLOW_ORIGIN];
|
|
|
+ cors2 = cors_orig_cfg;
|
|
|
cors3 = "\r\n";
|
|
|
} else {
|
|
|
cors1 = cors2 = cors3 = "";
|
xtne6f