external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

SRS5: CORS: Refine HTTP CORS headers. v5.0.130

Browse source 
PICK 3612473516
This commit is contained in:
winlin 2023-01-05 18:33:44 +08:00
parent 232de03c56
commit 35e01906f2
5 changed files with 28 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

2
trunk/src/core/srs_core_version5.hpp
View file

@ -9,6 +9,6 @@
#define VERSION_MAJOR 5
#define VERSION_MINOR 0
#define VERSION_REVISION 129
#define VERSION_REVISION 130
#endif

17
trunk/src/protocol/srs_protocol_http_stack.cpp
View file

@ -891,10 +891,21 @@ srs_error_t SrsHttpCorsMux::serve_http(ISrsHttpResponseWriter* w, ISrsHttpMessag
// When CORS required, set the CORS headers.
if (required) {
SrsHttpHeader* h = w->header();
// SRS does not need cookie or credentials, so we disable CORS credentials, and use * for CORS origin,
// headers, expose headers and methods.
h->set("Access-Control-Allow-Origin", "*");
h->set("Access-Control-Allow-Methods", "GET, POST, HEAD, PUT, DELETE, OPTIONS");
h->set("Access-Control-Expose-Headers", "Server,range,Content-Length,Content-Range");
h->set("Access-Control-Allow-Headers", "origin,range,accept-encoding,referer,Cache-Control,X-Proxy-Authorization,X-Requested-With,Content-Type");
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
h->set("Access-Control-Allow-Headers", "*");
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
h->set("Access-Control-Allow-Methods", "*");
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
// Only the CORS-safelisted response headers are exposed by default. That is Cache-Control, Content-Language,
// Content-Length, Content-Type, Expires, Last-Modified, Pragma.
// See https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header
h->set("Access-Control-Expose-Headers", "*");
// https://stackoverflow.com/a/24689738/17679565
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
h->set("Access-Control-Allow-Credentials", "false");
}
// handle the http options.