search

karlheyes / icecast-kh

KH branch of icecast
GNU General Public License v2.0
298 stars 107 forks source link

add `Icy-` headers to Access-Control-Expose-Headers #334

Closed eshaz closed 1 year ago

eshaz commented 3 years ago

Adds CORS configuration to allow Icy- headers to be read in a cross origin browser request. Icy-MetaInt is important to read so the client can parse metadata correctly. The other Icy- headers give additional information to the client about a stream.

Resolves #338

eshaz commented 1 year ago

@karlheyes Just following up on this. Have you taken a look at this PR yet?

karlheyes commented 1 year ago

I have an interim release for testing such things, not heavily tested but should be more-or-less there, recently released at karlheyes.github.io/icecast-2.4.0-kh17-http.tar.gz

A number of these headers have been preset but you can define others or replace the existing ones in the xml using the http-headers block (global or per-mount). The status setting can be a wildcard match though so "@(200|404)" or "2*" sort of thing is allowed. I may of missed the expose headers one though, so if you add that header to the http-headers block and it works fine then I can add that to a predefined one easily enough. Just let me know which headers are needed.

karl

eshaz commented 1 year ago

Hi Karl,

Thank you for the response. I downloaded that release and added the Icy- headers into the Access-Control-Expose-Headers block. Everything worked great and the browser was able to read the Icy-MetaInt header and the other headers as expected in a cross-origin request.

Another change that should be made here is to remove the icy-br, icy-description, icy-genre, icy-name, icy-pub, icy-url headers from the Access-Control-Allow-Headers block. That block is meant to specify which headers the browser can send to the server in a cross origin request. However, they will need to be added to the Access-Control-Expose-Headers block to allow the browser to read them from the response.

Here's the patch that should accomplish everything for this pull request using your latest pre-release:

--- src/client.c    2023-01-03 23:01:12.418263384 -0600
+++ src/client.c    2023-01-03 23:05:14.064971910 -0600
@@ -1323,7 +1323,10 @@
     { .field = { .status = "2*",        .name = "Access-Control-Allow-Credentials",
                                         .value = "True", .callback = _send_cors_hdr } },
     { .field = { .status = "2*",        .name = "Access-Control-Allow-Headers",
-                                        .value = "Origin, Icy-MetaData, Range, icy-br, icy-description, icy-genre, icy-name, icy-pub, icy-url",
+                                        .value = "Origin, Icy-MetaData, Range",
+                                        .callback = _send_cors_hdr } },
+    { .field = { .status = "2*",        .name = "Access-Control-Expose-Headers",
+                                        .value = "Icy-Br, Icy-Description, Icy-Genre, Icy-MetaInt, Icy-Name, Icy-Pub, Icy-Url",
                                         .callback = _send_cors_hdr } },
     { .field = { .status = "2*",        .name = "Access-Control-Allow-Methods",
                                         .value = "GET, OPTIONS, SOURCE, PUT, HEAD, STATS",
karlheyes commented 1 year ago

I've put it in my local tree. The callback is not strictly speaking necessary but not a problem. The one I was more concerned about was Access-Control-Allow-Credentials, to * or not.

karl

eshaz commented 1 year ago

Completed in https://github.com/karlheyes/icecast-kh/commit/9da73c9f952e84b2515661bd6163cc39ddd52626

Thanks!