Support cors in upload_api() and update_api().

2025-08-31 23:19:36 +00:00 · 2018-07-19 11:33:45 +08:00
parent e5ae34bef7
commit 5cc3ed84e9
1 changed files with 35 additions and 1 deletions
--- a/server/upload-file.c
+++ b/server/upload-file.c
@@ -521,7 +521,20 @@ upload_api_cb(evhtp_request_t *req, void *arg)
    int replace = 0;
    int rc;

-     if (evhtp_request_get_method(req) == htp_method_OPTIONS) {
+    evhtp_headers_add_header (req->headers_out,
+                              evhtp_header_new("Access-Control-Allow-Headers",
+                                               "x-requested-with, content-type, accept, origin, authorization", 1, 1));
+    evhtp_headers_add_header (req->headers_out,
+                              evhtp_header_new("Access-Control-Allow-Methods",
+                                               "GET, POST, PUT, PATCH, DELETE, OPTIONS", 1, 1));
+    evhtp_headers_add_header (req->headers_out,
+                              evhtp_header_new("Access-Control-Allow-Origin",
+                                               "*", 1, 1));
+    evhtp_headers_add_header (req->headers_out,
+                              evhtp_header_new("Access-Control-Max-Age",
+                                               "86400", 1, 1));
+
+    if (evhtp_request_get_method(req) == htp_method_OPTIONS) {
        /* If CORS preflight header, then create an empty body response (200 OK)
         * and return it.
         */
@@ -1213,6 +1226,27 @@ update_api_cb(evhtp_request_t *req, void *arg)
    int error_code = ERROR_INTERNAL;
    char *new_file_id = NULL;

+    evhtp_headers_add_header (req->headers_out,
+                              evhtp_header_new("Access-Control-Allow-Headers",
+                                               "x-requested-with, content-type, accept, origin, authorization", 1, 1));
+    evhtp_headers_add_header (req->headers_out,
+                              evhtp_header_new("Access-Control-Allow-Methods",
+                                               "GET, POST, PUT, PATCH, DELETE, OPTIONS", 1, 1));
+    evhtp_headers_add_header (req->headers_out,
+                              evhtp_header_new("Access-Control-Allow-Origin",
+                                               "*", 1, 1));
+    evhtp_headers_add_header (req->headers_out,
+                              evhtp_header_new("Access-Control-Max-Age",
+                                               "86400", 1, 1));
+
+    if (evhtp_request_get_method(req) == htp_method_OPTIONS) {
+        /* If CORS preflight header, then create an empty body response (200 OK)
+         * and return it.
+         */
+        send_success_reply (req);
+        return;
+    }
+
    if (!fsm || fsm->state == RECV_ERROR)
        return;