backup/EWF
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CORS: respect specification regarding Access-Control-Allow-Headers

Browse Source 
According to the specification, the value of the response header
Access-Control-Allow-Headers must contain at least all the values of the
request header Access-Control-Request-Headers to be considered a valid request.
Before this commit, only the Authorization value was present, which is enough
for Firefox but not for Chrome.
This should now work as expected.
This commit is contained in:
Olivier Ligot
2013-02-22 15:58:09 +01:00
parent ff57d0ecd4
commit 12404a2d5c
5 changed files with 28 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/server/ewsgi/specification/request/wgi_meta_names.e
View File

@@ -50,6 +50,8 @@ feature -- Access
http_transfer_encoding: STRING = "HTTP_TRANSFER_ENCODING" http_transfer_encoding: STRING = "HTTP_TRANSFER_ENCODING"
http_access_control_request_headers: STRING = "HTTP_ACCESS_CONTROL_REQUEST_HEADERS"
gateway_interface: STRING = "GATEWAY_INTERFACE" gateway_interface: STRING = "GATEWAY_INTERFACE"
auth_type: STRING = "AUTH_TYPE" auth_type: STRING = "AUTH_TYPE"

6
library/server/ewsgi/specification/request/wgi_request.e
View File

@@ -598,6 +598,12 @@ feature -- HTTP_*
deferred deferred
end end
http_access_control_request_headers: detachable READABLE_STRING_8
-- Indicates which headers will be used in the actual request
-- as part of the preflight request
deferred
end
feature -- Extra CGI environment variables feature -- Extra CGI environment variables
request_uri: READABLE_STRING_8 request_uri: READABLE_STRING_8

7
library/server/ewsgi/src/implementation/wgi_request_from_table.e
View File

@@ -241,6 +241,13 @@ feature -- Access: HTTP_* CGI meta parameters - 1.1
Result := meta_string_variable ({WGI_META_NAMES}.http_transfer_encoding) Result := meta_string_variable ({WGI_META_NAMES}.http_transfer_encoding)
end end
http_access_control_request_headers: detachable READABLE_STRING_8
-- Indicates which headers will be used in the actual request
-- as part of the preflight request
do
Result := meta_string_variable ({WGI_META_NAMES}.http_access_control_request_headers)
end
feature -- Access: Extension to CGI meta parameters - 1.1 feature -- Access: Extension to CGI meta parameters - 1.1
request_uri: READABLE_STRING_8 request_uri: READABLE_STRING_8

8
library/server/wsf/src/response/wsf_cors_options_response.e
View File

@@ -40,9 +40,13 @@ feature {WSF_RESPONSE} -- Output
local local
l_methods: WSF_REQUEST_METHODS l_methods: WSF_REQUEST_METHODS
do do
res.set_status_code ({HTTP_STATUS_CODE}.No_content) res.set_status_code ({HTTP_STATUS_CODE}.Ok)
header.put_content_type ({HTTP_MIME_TYPES}.text_plain)
header.put_current_date header.put_current_date
header.put_access_control_allow_headers ({HTTP_HEADER_NAMES}.header_authorization) header.put_content_length (0)
if attached request.http_access_control_request_headers as l_headers then
header.put_access_control_allow_headers (l_headers)
end
l_methods := router.allowed_methods_for_request (request) l_methods := router.allowed_methods_for_request (request)
if not l_methods.is_empty then if not l_methods.is_empty then
header.put_allow (l_methods) header.put_allow (l_methods)

7
library/server/wsf/src/wsf_request.e
View File

@@ -958,6 +958,13 @@ feature -- HTTP_*
Result := wgi_request.http_transfer_encoding Result := wgi_request.http_transfer_encoding
end end
http_access_control_request_headers: detachable READABLE_STRING_8
-- Indicates which headers will be used in the actual request
-- as part of the preflight request
do
Result := wgi_request.http_access_control_request_headers
end
feature -- Extra CGI environment variables feature -- Extra CGI environment variables
request_uri: READABLE_STRING_8 request_uri: READABLE_STRING_8