Closed crotwell closed 6 years ago
Probably not the best way to actually do this since it is hardcoded to allow all, but here is a diff of the changes I made to http.c in order to allow CORS request to succeed. May be of use to someone...
diff --git a/src/http.c b/src/http.c
index 513bf97..e36acda 100644
--- a/src/http.c
+++ b/src/http.c
@@ -196,6 +196,7 @@ HandleHTTP (char *recvbuffer, ClientInfo *cinfo)
"HTTP/1.1 200\r\n"
"Content-Length: %d\r\n"
"Content-Type: text/plain\r\n"
+ "Access-Control-Allow-Origin: *\r\n"
"\r\n",
(response) ? responsebytes : 0);
@@ -237,6 +238,7 @@ HandleHTTP (char *recvbuffer, ClientInfo *cinfo)
"HTTP/1.1 200\r\n"
"Content-Length: %d\r\n"
"Content-Type: text/plain\r\n"
+ "Access-Control-Allow-Origin: *\r\n"
"\r\n",
(response) ? responsebytes : 0);
@@ -295,6 +297,7 @@ HandleHTTP (char *recvbuffer, ClientInfo *cinfo)
"HTTP/1.1 200\r\n"
"Content-Length: %d\r\n"
"Content-Type: text/plain\r\n"
+ "Access-Control-Allow-Origin: *\r\n"
"\r\n",
(response) ? responsebytes : 0);
@@ -353,6 +356,7 @@ HandleHTTP (char *recvbuffer, ClientInfo *cinfo)
"HTTP/1.1 200\r\n"
"Content-Length: %d\r\n"
"Content-Type: text/plain\r\n"
+ "Access-Control-Allow-Origin: *\r\n"
"\r\n",
(response) ? responsebytes : 0);
@@ -1449,6 +1453,7 @@ SendFileHTTP (ClientInfo *cinfo, char *path)
rv = asprintf (&response, "HTTP/1.1 200\r\n"
"Content-Length: %llu\r\n"
"Content-Type: %s\n"
+ "Access-Control-Allow-Origin: *\r\n"
"\r\n",
(long long unsigned int)filestat.st_size,
contenttype);
@@ -1649,6 +1654,7 @@ NegotiateWebSocket (ClientInfo *cinfo, char *version,
"HTTP/1.1 101 Switching Protocols\r\n"
"Upgrade: websocket\r\n"
"Connection: Upgrade\r\n"
+ "Access-Control-Allow-Origin: *\r\n"
"%s"
"Sec-WebSocket-Accept: %s\r\n"
"\r\n",
Allow the http mode in ringserver (optionally) set headers, in particular the CORS header is needed for cross-site scripting.
Maybe in config file in manner similar to how it works on Apache:
Header set Access-Control-Allow-Origin "*"
Not sure if there would be need for other headers, but might be useful to have generic "add a http header" ability.