external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

SRS5: CORS: Refine HTTP CORS headers. v5.0.130

Browse source 
PICK 3612473516
This commit is contained in:
winlin 2023-01-05 18:33:44 +08:00
parent 232de03c56
commit 35e01906f2
5 changed files with 28 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

14
trunk/3rdparty/httpx-static/main.go vendored
View file

@ -412,10 +412,18 @@ func run(ctx context.Context) error {
oh.SetHeader(w)
if o := r.Header.Get("Origin"); len(o) > 0 {
// SRS does not need cookie or credentials, so we disable CORS credentials, and use * for CORS origin,
// headers, expose headers and methods.
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Methods", "GET, POST, HEAD, PUT, DELETE, OPTIONS")
w.Header().Set("Access-Control-Expose-Headers", "Server,range,Content-Length,Content-Range")
w.Header().Set("Access-Control-Allow-Headers", "origin,range,accept-encoding,referer,Cache-Control,X-Proxy-Authorization,X-Requested-With,Content-Type")
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
w.Header().Set("Access-Control-Allow-Headers", "*")
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
w.Header().Set("Access-Control-Allow-Methods", "*")
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
w.Header().Set("Access-Control-Expose-Headers", "*")
// https://stackoverflow.com/a/24689738/17679565
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
w.Header().Set("Access-Control-Allow-Credentials", "false")
}
// For matched OPTIONS, directly return without response.

2
trunk/3rdparty/httpx-static/version.go vendored
View file

@ -35,7 +35,7 @@ func VersionMinor() int {
}
func VersionRevision() int {
return 26
return 27
}
func Version() string {

1
trunk/doc/CHANGELOG.md
View file

@ -26,6 +26,7 @@ The changelog for SRS.
## SRS 5.0 Changelog
* v5.0, 2023-01-05, CORS: Refine HTTP CORS headers. v5.0.130
* v5.0, 2023-01-03, Add blackbox test for HLS and MP3 codec. v5.0.129
* v5.0, 2023-01-02, Merge [#3355](https://github.com/ossrs/srs/pull/3355): Test: Support blackbox test by FFmpeg. v5.0.128
* v5.0, 2023-01-02, Fix [#3347](https://github.com/ossrs/srs/issues/3347): Asan: Disable asan for CentOS and use statically link if possible. v5.0.127

2
trunk/src/core/srs_core_version5.hpp
View file

@ -9,6 +9,6 @@
#define VERSION_MAJOR 5
#define VERSION_MINOR 0
#define VERSION_REVISION 129
#define VERSION_REVISION 130
#endif

17
trunk/src/protocol/srs_protocol_http_stack.cpp
View file

@ -891,10 +891,21 @@ srs_error_t SrsHttpCorsMux::serve_http(ISrsHttpResponseWriter* w, ISrsHttpMessag
// When CORS required, set the CORS headers.
if (required) {
SrsHttpHeader* h = w->header();
// SRS does not need cookie or credentials, so we disable CORS credentials, and use * for CORS origin,
// headers, expose headers and methods.
h->set("Access-Control-Allow-Origin", "*");
h->set("Access-Control-Allow-Methods", "GET, POST, HEAD, PUT, DELETE, OPTIONS");
h->set("Access-Control-Expose-Headers", "Server,range,Content-Length,Content-Range");
h->set("Access-Control-Allow-Headers", "origin,range,accept-encoding,referer,Cache-Control,X-Proxy-Authorization,X-Requested-With,Content-Type");
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
h->set("Access-Control-Allow-Headers", "*");
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
h->set("Access-Control-Allow-Methods", "*");
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
// Only the CORS-safelisted response headers are exposed by default. That is Cache-Control, Content-Language,
// Content-Length, Content-Type, Expires, Last-Modified, Pragma.
// See https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header
h->set("Access-Control-Expose-Headers", "*");
// https://stackoverflow.com/a/24689738/17679565
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
h->set("Access-Control-Allow-Credentials", "false");
}
// handle the http options.