Fix http cross domain issues

2026-06-14 20:15:58 +08:00 · 2024-01-27 21:29:10 +08:00
parent 56bdb14baf
commit cfe9a31ca6
2 changed files with 5 additions and 2 deletions
--- a/src/Http/HttpSession.cpp
+++ b/src/Http/HttpSession.cpp
@@ -65,6 +65,7 @@ ssize_t HttpSession::onRecvHeader(const char *header, size_t len) {

    _parser.parse(header, len);
    CHECK(_parser.url()[0] == '/');
+    _origin = _parser["Origin"];

    urlDecode(_parser);
    auto &cmd = _parser.method();
@@ -606,8 +607,8 @@ void HttpSession::sendResponse(int code,
    headerOut.emplace("Connection", bClose ? "close" : "keep-alive");

    GET_CONFIG(bool, allow_cross_domains, Http::kAllowCrossDomains);
-    if (allow_cross_domains) {
-        headerOut.emplace("Access-Control-Allow-Origin", "*");
+    if (allow_cross_domains && !_origin.empty()) {
+        headerOut.emplace("Access-Control-Allow-Origin", _origin);
        headerOut.emplace("Access-Control-Allow-Credentials", "true");
    }