If CORS is enabled, Access-Control-Allow-Origin header needs to be present on all responses.

Kishore Nallan 2018-01-04 07:39:32 +05:30
parent 192b00e71f
commit 9407f55850


@ -283,36 +283,39 @@ int HttpServer::catch_all_handler(h2o_handler_t *_self, h2o_req_t *req) {
auth_key_from_header = query_map[AUTH_HEADER];
}
// Handle OPTIONS for CORS
if(self->http_server->cors_enabled && http_method == "OPTIONS") {
// locate request access control headers
const char* ACL_REQ_HEADERS = "access-control-request-headers";
ssize_t acl_header_cursor = h2o_find_header_by_str(&req->headers, ACL_REQ_HEADERS, strlen(ACL_REQ_HEADERS), -1);
// Handle CORS
if(self->http_server->cors_enabled) {
h2o_add_header_by_str(&req->pool, &req->res.headers, H2O_STRLIT("Access-Control-Allow-Origin"),
0, NULL, H2O_STRLIT("*"));
if(http_method == "OPTIONS") {
// locate request access control headers
const char* ACL_REQ_HEADERS = "access-control-request-headers";
ssize_t acl_header_cursor = h2o_find_header_by_str(&req->headers, ACL_REQ_HEADERS,
strlen(ACL_REQ_HEADERS), -1);
if(acl_header_cursor != -1) {
h2o_iovec_t &acl_req_headers = req->headers.entries[acl_header_cursor].value;
if(acl_header_cursor != -1) {
h2o_iovec_t &acl_req_headers = req->headers.entries[acl_header_cursor].value;
h2o_generator_t generator = {NULL, NULL};
h2o_iovec_t res_body = h2o_strdup(&req->pool, "", SIZE_MAX);
req->res.status = 200;
req->res.reason = get_status_reason(200);
h2o_generator_t generator = {NULL, NULL};
h2o_iovec_t res_body = h2o_strdup(&req->pool, "", SIZE_MAX);
req->res.status = 200;
req->res.reason = get_status_reason(200);
h2o_add_header_by_str(&req->pool, &req->res.headers,
H2O_STRLIT("Access-Control-Allow-Origin"),
0, NULL, H2O_STRLIT("*"));
h2o_add_header_by_str(&req->pool, &req->res.headers,
H2O_STRLIT("Access-Control-Allow-Methods"),
0, NULL, H2O_STRLIT("POST, GET, DELETE, PUT, PATCH, OPTIONS"));
h2o_add_header_by_str(&req->pool, &req->res.headers,
H2O_STRLIT("Access-Control-Allow-Headers"),
0, NULL, acl_req_headers.base, acl_req_headers.len);
h2o_add_header_by_str(&req->pool, &req->res.headers,
H2O_STRLIT("Access-Control-Max-Age"),
0, NULL, H2O_STRLIT("86400"));
h2o_add_header_by_str(&req->pool, &req->res.headers,
H2O_STRLIT("Access-Control-Allow-Methods"),
0, NULL, H2O_STRLIT("POST, GET, DELETE, PUT, PATCH, OPTIONS"));
h2o_add_header_by_str(&req->pool, &req->res.headers,
H2O_STRLIT("Access-Control-Allow-Headers"),
0, NULL, acl_req_headers.base, acl_req_headers.len);
h2o_add_header_by_str(&req->pool, &req->res.headers,
H2O_STRLIT("Access-Control-Max-Age"),
0, NULL, H2O_STRLIT("86400"));
h2o_start_response(req, &generator);
h2o_send(req, &res_body, 1, H2O_SEND_STATE_FINAL);
return 0;
h2o_start_response(req, &generator);
h2o_send(req, &res_body, 1, H2O_SEND_STATE_FINAL);
return 0;
}
}
}
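Review bot: The unconditional `Access-Control-Allow-Origin: *` added at the top of the `cors_enabled` branch, together with the preflight branch copying the client's `access-control-request-headers` value verbatim into `Access-Control-Allow-Headers`, means script on any origin that holds an API key can send it to this server in any header it likes. If that openness is intended, say so in a comment above the first `h2o_add_header_by_str` call, e.g. `// CORS is open to every origin by design; restrict what a key can do, not where it is sent from`. Otherwise consider comparing the request's Origin against a configured list, answering with that single origin plus `Vary: Origin`, and replying with a fixed list of allowed header names instead of the reflected value. Separately, an OPTIONS request with no `access-control-request-headers` (`acl_header_cursor == -1`) still falls through to the normal route handling, so a preflight for a request that passes the key in the query string appears to get no `Access-Control-Allow-Methods`. catch_all_handler starts before this hunk and continues after it.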