return rsp;
}
+ /*
+ * Add "Cross-origin resource sharing" (CORS) headers if enabled
+ */
+ if (NULL != csp->config->cors_allowed_origin)
+ {
+ enlist_unique_header(rsp->headers, "Access-Control-Allow-Origin",
+ strdup_or_die(csp->config->cors_allowed_origin));
+ enlist_unique_header(rsp->headers, "Access-Control-Allow-Methods", "GET,POST");
+ enlist_unique_header(rsp->headers, "Access-Control-Allow-Headers", "X-Requested-With");
+ enlist_unique_header(rsp->headers, "Access-Control-Max-Age", "86400");
+ }
+
/*
* Fill in the HTTP Status, using HTTP/1.1
* unless the client asked for HTTP/1.0.
#define hash_compression_level 2464423563U /* "compression-level" */
#define hash_confdir 1978389U /* "confdir" */
#define hash_connection_sharing 1348841265U /* "connection-sharing" */
+#define hash_cors_allowed_origin 2769345637U /* "cors-allowed-origin" */
#define hash_debug 78263U /* "debug" */
#define hash_default_server_timeout 2530089913U /* "default-server-timeout" */
#define hash_deny_access 1227333715U /* "deny-access" */
config->compression_level = 1;
#endif
config->feature_flags &= ~RUNTIME_FEATURE_TOLERATE_PIPELINING;
+ config->cors_allowed_origin = NULL;
configfp = fopen(configfile, "r");
if (NULL == configfp)
break;
#endif
+/* *************************************************************************
+ * cors-allowed-origin http://www.example.org
+ * *************************************************************************/
+ case hash_cors_allowed_origin :
+ /*
+ * We don't validate the specified referrer as
+ * it's only used for string comparison.
+ */
+ freez(config->cors_allowed_origin);
+ config->cors_allowed_origin = strdup_or_die(arg);
+ break;
+
/* *************************************************************************
* debug n
* Specifies debug level, multiple values are ORed together.
/** The directory for customized CGI templates. */
const char *templdir;
+ /** "Cross-origin resource sharing" (CORS) allowed origin */
+ const char *cors_allowed_origin;
+
#ifdef FEATURE_EXTERNAL_FILTERS
/** The template used to create temporary files. */
const char *temporary_directory;