From 3b13aaf844f3b61950f437cb339fb881312ecf7b Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Wed, 15 Jan 2020 15:52:12 +0100 Subject: [PATCH] respond with CORS headers for OPTIONS pre-flight request --- src/exchange/taler-exchange-httpd.c | 19 ++++++++++++++----- src/include/taler_mhd_lib.h | 10 ++++++++++ src/mhd/mhd_responses.c | 23 +++++++++++++++++++++++ 3 files changed, 47 insertions(+), 5 deletions(-) diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index e53c04d98..b2c9e4d84 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -420,11 +420,20 @@ handle_mhd_request (void *cls, for (unsigned int i = 0; NULL != handlers[i].url; i++) { rh = &handlers[i]; - if ( (0 == strcmp (url, - rh->url)) && - ( (NULL == rh->method) || - (0 == strcmp (method, - rh->method)) ) ) + if (0 != strcmp (url, rh->url)) + continue; + + /* The URL is a match! What we now do depends on the method. */ + + if (0 == strcmp (method, MHD_HTTP_METHOD_OPTIONS)) + { + GNUNET_async_scope_restore (&old_scope); + return TALER_MHD_reply_cors_preflight (connection); + } + + if ( (NULL == rh->method) || + (0 == strcmp (method, + rh->method)) ) { /* FIXME: consider caching 'rh' in '**connection_cls' to avoid repeated lookup! */ diff --git a/src/include/taler_mhd_lib.h b/src/include/taler_mhd_lib.h index c836e4469..966ba6a09 100644 --- a/src/include/taler_mhd_lib.h +++ b/src/include/taler_mhd_lib.h @@ -441,4 +441,14 @@ TALER_MHD_reply_legal (struct MHD_Connection *conn, struct TALER_MHD_Legal *legal); +/** + * Send back a "204 No Content" response with headers + * for the CORS pre-flight request. + * + * @param connection the MHD connection + * @return MHD result code + */ +int +TALER_MHD_reply_cors_preflight (struct MHD_Connection *connection); + #endif diff --git a/src/mhd/mhd_responses.c b/src/mhd/mhd_responses.c index a8c159300..d26f533e7 100644 --- a/src/mhd/mhd_responses.c +++ b/src/mhd/mhd_responses.c @@ -267,6 +267,29 @@ TALER_MHD_reply_json (struct MHD_Connection *connection, } +/** + * Send back a "204 No Content" response with headers + * for the CORS pre-flight request. + * + * @param connection the MHD connection + * @return MHD result code + */ +int +TALER_MHD_reply_cors_preflight (struct MHD_Connection *connection) +{ + struct MHD_Response *resp; + + GNUNET_assert (NULL != (resp = MHD_create_response_from_buffer (0, NULL, + MHD_RESPMEM_PERSISTENT))); + /* This adds the Access-Control-Allow-Origin header. + * All endpoints of the exchange allow CORS. */ + TALER_MHD_add_global_headers (resp); + GNUNET_assert (MHD_YES == MHD_queue_response (connection, MHD_HTTP_NO_CONTENT, + resp)); + return MHD_YES; +} + + /** * Function to call to handle the request by building a JSON * reply from a format string and varargs.