1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00

SRS5: CORS: Refine HTTP CORS headers. v5.0.130

PICK 3612473516
This commit is contained in:
winlin 2023-01-05 18:33:44 +08:00
parent 232de03c56
commit 35e01906f2
5 changed files with 28 additions and 8 deletions

View file

@ -412,10 +412,18 @@ func run(ctx context.Context) error {
oh.SetHeader(w)
if o := r.Header.Get("Origin"); len(o) > 0 {
// SRS does not need cookie or credentials, so we disable CORS credentials, and use * for CORS origin,
// headers, expose headers and methods.
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, HEAD, PUT, DELETE, OPTIONS")
w.Header().Set("Access-Control-Expose-Headers", "Server,range,Content-Length,Content-Range")
w.Header().Set("Access-Control-Allow-Headers", "origin,range,accept-encoding,referer,Cache-Control,X-Proxy-Authorization,X-Requested-With,Content-Type")
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
w.Header().Set("Access-Control-Allow-Headers", "*")
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
w.Header().Set("Access-Control-Allow-Methods", "*")
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
w.Header().Set("Access-Control-Expose-Headers", "*")
// https://stackoverflow.com/a/24689738/17679565
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
w.Header().Set("Access-Control-Allow-Credentials", "false")
}
// For matched OPTIONS, directly return without response.

View file

@ -35,7 +35,7 @@ func VersionMinor() int {
}
func VersionRevision() int {
return 26
return 27
}
func Version() string {