diff --git a/server/upload-file.c b/server/upload-file.c index 296a9af..ad60ead 100644 --- a/server/upload-file.c +++ b/server/upload-file.c @@ -521,7 +521,20 @@ upload_api_cb(evhtp_request_t *req, void *arg) int replace = 0; int rc; - if (evhtp_request_get_method(req) == htp_method_OPTIONS) { + evhtp_headers_add_header (req->headers_out, + evhtp_header_new("Access-Control-Allow-Headers", + "x-requested-with, content-type, accept, origin, authorization", 1, 1)); + evhtp_headers_add_header (req->headers_out, + evhtp_header_new("Access-Control-Allow-Methods", + "GET, POST, PUT, PATCH, DELETE, OPTIONS", 1, 1)); + evhtp_headers_add_header (req->headers_out, + evhtp_header_new("Access-Control-Allow-Origin", + "*", 1, 1)); + evhtp_headers_add_header (req->headers_out, + evhtp_header_new("Access-Control-Max-Age", + "86400", 1, 1)); + + if (evhtp_request_get_method(req) == htp_method_OPTIONS) { /* If CORS preflight header, then create an empty body response (200 OK) * and return it. */ @@ -1213,6 +1226,27 @@ update_api_cb(evhtp_request_t *req, void *arg) int error_code = ERROR_INTERNAL; char *new_file_id = NULL; + evhtp_headers_add_header (req->headers_out, + evhtp_header_new("Access-Control-Allow-Headers", + "x-requested-with, content-type, accept, origin, authorization", 1, 1)); + evhtp_headers_add_header (req->headers_out, + evhtp_header_new("Access-Control-Allow-Methods", + "GET, POST, PUT, PATCH, DELETE, OPTIONS", 1, 1)); + evhtp_headers_add_header (req->headers_out, + evhtp_header_new("Access-Control-Allow-Origin", + "*", 1, 1)); + evhtp_headers_add_header (req->headers_out, + evhtp_header_new("Access-Control-Max-Age", + "86400", 1, 1)); + + if (evhtp_request_get_method(req) == htp_method_OPTIONS) { + /* If CORS preflight header, then create an empty body response (200 OK) + * and return it. + */ + send_success_reply (req); + return; + } + if (!fsm || fsm->state == RECV_ERROR) return;