diff --git a/include/http.h b/include/http.h index b7e7594..69af685 100644 --- a/include/http.h +++ b/include/http.h @@ -97,6 +97,7 @@ struct http_content_type { const char *content_type; }; +char *http_get_header(struct MHD_Connection *connection, const char *header); void http_add_header(struct http_response *resp, const char *key, const char *value); void http_set_content_type(struct http_response *resp, const char *filepath); void http_free_resp(struct http_response *resp); diff --git a/src/modules/http.c b/src/modules/http.c index 4466780..950e0dc 100644 --- a/src/modules/http.c +++ b/src/modules/http.c @@ -155,6 +155,7 @@ void http_free_resp(struct http_response *resp) struct http_response *http_mkresp(struct MHD_Connection *conn, int status, const char *body) { + _cleanup_free_ char *origin; struct http_response *resp = malloc(sizeof(struct http_response)); resp->status = status; resp->connection = conn; @@ -164,6 +165,13 @@ struct http_response *http_mkresp(struct MHD_Connection *conn, int status, const else resp->ndata = strlen(resp->data); resp->headers = NULL; + http_add_header(resp, "Access-Control-Allow-Headers", "Authorization, Origin"); + http_add_header(resp, "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); + origin = http_get_header(conn, "Origin"); + if (origin) + http_add_header(resp, "Access-Control-Allow-Origin", origin); + else + http_add_header(resp, "Access-Control-Allow-Origin", "*"); return resp; } @@ -257,7 +265,7 @@ static int get_key (void *cls, enum MHD_ValueKind kind, const char *key, const c return MHD_YES; } -static char *http_get_header(struct MHD_Connection *connection, const char *header) +char *http_get_header(struct MHD_Connection *connection, const char *header) { struct header_finder_t finder; finder.header = header; @@ -342,6 +350,10 @@ static int answer_to_connection (void *cls, struct MHD_Connection *connection, log_request(connection, http, method, url); + if (0 == strcmp (method, "OPTIONS")) { + return send_response_ok(connection, ""); + } + if (0 == strcmp (method, "GET") || !strcmp(method, "HEAD") || !strcmp(method,"DELETE")) { ret = check_auth(connection, core, con_info); if (ret == 1)