MCPcopy Create free account
hub / github.com/Icinga/icinga2 / HandleAccessControl

Function HandleAccessControl

lib/remote/httpserverconnection.cpp:233–275  ·  view source on GitHub ↗

Source from the content-addressed store, hash-verified

231}
232
233static inline
234bool HandleAccessControl(
235 const HttpApiRequest& request,
236 HttpApiResponse& response,
237 boost::asio::yield_context& yc
238)
239{
240 namespace http = boost::beast::http;
241
242 auto listener (ApiListener::GetInstance());
243
244 if (listener) {
245 auto headerAllowOrigin (listener->GetAccessControlAllowOrigin());
246
247 if (headerAllowOrigin) {
248 auto allowedOrigins (headerAllowOrigin->ToSet<String>());
249
250 if (!allowedOrigins.empty()) {
251 auto& origin (request[http::field::origin]);
252
253 if (allowedOrigins.find(std::string(origin)) != allowedOrigins.end()) {
254 response.set(http::field::access_control_allow_origin, origin);
255 }
256
257 response.set(http::field::access_control_allow_credentials, "true");
258
259 if (request.method() == http::verb::options && !request[http::field::access_control_request_method].empty()) {
260 response.result(http::status::ok);
261 response.set(http::field::access_control_allow_methods, "GET, POST, PUT, DELETE");
262 response.set(http::field::access_control_allow_headers, "Authorization, Content-Type, X-HTTP-Method-Override");
263 response.body() << "Preflight OK";
264 response.set(http::field::connection, "close");
265
266 response.Flush(yc);
267
268 return false;
269 }
270 }
271 }
272 }
273
274 return true;
275}
276
277static inline
278bool EnsureAcceptHeader(

Callers 1

ProcessMessagesMethod · 0.85

Calls 4

findMethod · 0.80
emptyMethod · 0.45
endMethod · 0.45
FlushMethod · 0.45

Tested by

no test coverage detected