Use lowercase for CORS related headers.

2025-05-20 05:32:30 +08:00 · 2018-03-28 19:21:31 +05:30 · 2018-03-28 19:21:31 +05:30 · 97904b0cfa
commit 97904b0cfa
parent f17d1e0cf2
1 changed files with 4 additions and 4 deletions
--- a/src/http_server.cpp
+++ b/src/http_server.cpp
@ -281,7 +281,7 @@ int HttpServer::catch_all_handler(h2o_handler_t *_self, h2o_req_t *req) {

    // Handle CORS
    if(self->http_server->cors_enabled) {
-        h2o_add_header_by_str(&req->pool, &req->res.headers, H2O_STRLIT("Access-Control-Allow-Origin"),
+        h2o_add_header_by_str(&req->pool, &req->res.headers, H2O_STRLIT("access-control-allow-origin"),
                              0, NULL, H2O_STRLIT("*"));
        
        if(http_method == "OPTIONS") {
@ -299,13 +299,13 @@ int HttpServer::catch_all_handler(h2o_handler_t *_self, h2o_req_t *req) {
                req->res.reason = get_status_reason(200);

                h2o_add_header_by_str(&req->pool, &req->res.headers,
-                                      H2O_STRLIT("Access-Control-Allow-Methods"),
+                                      H2O_STRLIT("access-control-allow-methods"),
                                      0, NULL, H2O_STRLIT("POST, GET, DELETE, PUT, PATCH, OPTIONS"));
                h2o_add_header_by_str(&req->pool, &req->res.headers,
-                                      H2O_STRLIT("Access-Control-Allow-Headers"),
+                                      H2O_STRLIT("access-control-allow-headers"),
                                      0, NULL, acl_req_headers.base, acl_req_headers.len);
                h2o_add_header_by_str(&req->pool, &req->res.headers,
-                                      H2O_STRLIT("Access-Control-Max-Age"),
+                                      H2O_STRLIT("access-control-max-age"),
                                      0, NULL, H2O_STRLIT("86400"));

                h2o_start_response(req, &generator);