| 231 | } |
| 232 | |
| 233 | static inline |
| 234 | bool HandleAccessControl( |
| 235 | const HttpApiRequest& request, |
| 236 | HttpApiResponse& response, |
| 237 | boost::asio::yield_context& yc |
| 238 | ) |
| 239 | { |
| 240 | namespace http = boost::beast::http; |
| 241 | |
| 242 | auto listener (ApiListener::GetInstance()); |
| 243 | |
| 244 | if (listener) { |
| 245 | auto headerAllowOrigin (listener->GetAccessControlAllowOrigin()); |
| 246 | |
| 247 | if (headerAllowOrigin) { |
| 248 | auto allowedOrigins (headerAllowOrigin->ToSet<String>()); |
| 249 | |
| 250 | if (!allowedOrigins.empty()) { |
| 251 | auto& origin (request[http::field::origin]); |
| 252 | |
| 253 | if (allowedOrigins.find(std::string(origin)) != allowedOrigins.end()) { |
| 254 | response.set(http::field::access_control_allow_origin, origin); |
| 255 | } |
| 256 | |
| 257 | response.set(http::field::access_control_allow_credentials, "true"); |
| 258 | |
| 259 | if (request.method() == http::verb::options && !request[http::field::access_control_request_method].empty()) { |
| 260 | response.result(http::status::ok); |
| 261 | response.set(http::field::access_control_allow_methods, "GET, POST, PUT, DELETE"); |
| 262 | response.set(http::field::access_control_allow_headers, "Authorization, Content-Type, X-HTTP-Method-Override"); |
| 263 | response.body() << "Preflight OK"; |
| 264 | response.set(http::field::connection, "close"); |
| 265 | |
| 266 | response.Flush(yc); |
| 267 | |
| 268 | return false; |
| 269 | } |
| 270 | } |
| 271 | } |
| 272 | } |
| 273 | |
| 274 | return true; |
| 275 | } |
| 276 | |
| 277 | static inline |
| 278 | bool EnsureAcceptHeader( |
no test coverage detected