From 6b6a1e65e1bb9540ca3b72af31ef6d19e7b850c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 2 Jun 2016 13:32:41 +0200 Subject: [PATCH] Allow to add Access-Control-Allow-Origin header to responses Add a new general config setting allow_origin that is included as Access-Control-Allow-Origin header in http responses. This allows to make http request against forked-daapd from browsers with enabled CORS (https://www.w3.org/TR/cors/) via JavaScript XMLHttpRequest. Per default the setting is not defined and no Access-Control-Allow-Origin header is included in the response. --- src/conffile.c | 1 + src/httpd.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/src/conffile.c b/src/conffile.c index c8571f3d..0c26fc99 100644 --- a/src/conffile.c +++ b/src/conffile.c @@ -55,6 +55,7 @@ static cfg_opt_t sec_general[] = CFG_BOOL("ipv6", cfg_true, CFGF_NONE), CFG_STR("cache_path", STATEDIR "/cache/" PACKAGE "/cache.db", CFGF_NONE), CFG_INT("cache_daap_threshold", 1000, CFGF_NONE), + CFG_STR("allow_origin", NULL, CFGF_NONE), CFG_END() }; diff --git a/src/httpd.c b/src/httpd.c index be68364b..bd057f2d 100644 --- a/src/httpd.c +++ b/src/httpd.c @@ -678,6 +678,7 @@ httpd_send_reply(struct evhttp_request *req, int code, const char *reason, struc int flush; int zret; int ret; + char *origin; if (!req) return; @@ -774,6 +775,10 @@ httpd_send_reply(struct evhttp_request *req, int code, const char *reason, struc headers = evhttp_request_get_output_headers(req); + origin = cfg_getstr(cfg_getsec(cfg, "general"), "allow_origin"); + if (origin && strlen(origin)) + evhttp_add_header(headers, "Access-Control-Allow-Origin", origin); + evhttp_add_header(headers, "Content-Encoding", "gzip"); evhttp_send_reply(req, code, reason, gzbuf);