Closed eshaz closed 1 year ago
@karlheyes Just following up on this. Have you taken a look at this PR yet?
I have an interim release for testing such things, not heavily tested but should be more-or-less there, recently released at karlheyes.github.io/icecast-2.4.0-kh17-http.tar.gz
A number of these headers have been preset but you can define others or replace the existing ones in the xml using the http-headers block (global or per-mount). The status setting can be a wildcard match though so "@(200|404)" or "2*" sort of thing is allowed. I may of missed the expose headers one though, so if you add that header to the http-headers block and it works fine then I can add that to a predefined one easily enough. Just let me know which headers are needed.
karl
Hi Karl,
Thank you for the response. I downloaded that release and added the Icy-
headers into the Access-Control-Expose-Headers
block. Everything worked great and the browser was able to read the Icy-MetaInt
header and the other headers as expected in a cross-origin request.
Another change that should be made here is to remove the icy-br, icy-description, icy-genre, icy-name, icy-pub, icy-url
headers from the Access-Control-Allow-Headers
block. That block is meant to specify which headers the browser can send to the server in a cross origin request. However, they will need to be added to the Access-Control-Expose-Headers
block to allow the browser to read them from the response.
Here's the patch that should accomplish everything for this pull request using your latest pre-release:
--- src/client.c 2023-01-03 23:01:12.418263384 -0600
+++ src/client.c 2023-01-03 23:05:14.064971910 -0600
@@ -1323,7 +1323,10 @@
{ .field = { .status = "2*", .name = "Access-Control-Allow-Credentials",
.value = "True", .callback = _send_cors_hdr } },
{ .field = { .status = "2*", .name = "Access-Control-Allow-Headers",
- .value = "Origin, Icy-MetaData, Range, icy-br, icy-description, icy-genre, icy-name, icy-pub, icy-url",
+ .value = "Origin, Icy-MetaData, Range",
+ .callback = _send_cors_hdr } },
+ { .field = { .status = "2*", .name = "Access-Control-Expose-Headers",
+ .value = "Icy-Br, Icy-Description, Icy-Genre, Icy-MetaInt, Icy-Name, Icy-Pub, Icy-Url",
.callback = _send_cors_hdr } },
{ .field = { .status = "2*", .name = "Access-Control-Allow-Methods",
.value = "GET, OPTIONS, SOURCE, PUT, HEAD, STATS",
I've put it in my local tree. The callback is not strictly speaking necessary but not a problem. The one I was more concerned about was Access-Control-Allow-Credentials, to * or not.
karl
Adds CORS configuration to allow
Icy-
headers to be read in a cross origin browser request.Icy-MetaInt
is important to read so the client can parse metadata correctly. The otherIcy-
headers give additional information to the client about a stream.Resolves #338