diff options
author | Robert Adams | 2019-09-17 19:30:30 -0700 |
---|---|---|
committer | Robert Adams | 2019-09-17 19:30:30 -0700 |
commit | 9956f5cb4a5a3e4dcc38ac09324fafa93939ea76 (patch) | |
tree | 1e1a8ec3ed1596b3eb5aa5014f0f1822964559d3 | |
parent | add a extra lenght check (diff) | |
download | opensim-SC-9956f5cb4a5a3e4dcc38ac09324fafa93939ea76.zip opensim-SC-9956f5cb4a5a3e4dcc38ac09324fafa93939ea76.tar.gz opensim-SC-9956f5cb4a5a3e4dcc38ac09324fafa93939ea76.tar.bz2 opensim-SC-9956f5cb4a5a3e4dcc38ac09324fafa93939ea76.tar.xz |
Changes fix some CORS problems when making XMLRPC calls from
browsers (which have gotten very picky over the years).
Add "Access-Control-Allow-Origin" to XMLRPC responses.
Add "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers" to
the HTTP OPTIONS response (used in CORS pre-flight request).
-rw-r--r-- | OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs index 52a4d92..562032d 100644 --- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs +++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs | |||
@@ -1262,6 +1262,7 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
1262 | 1262 | ||
1263 | // if the method wasn't found, we can't determine KeepAlive state anyway, so lets do it only here | 1263 | // if the method wasn't found, we can't determine KeepAlive state anyway, so lets do it only here |
1264 | response.KeepAlive = keepAlive; | 1264 | response.KeepAlive = keepAlive; |
1265 | response.AddHeader("Access-Control-Allow-Origin", "*"); | ||
1265 | } | 1266 | } |
1266 | else | 1267 | else |
1267 | { | 1268 | { |
@@ -1700,6 +1701,9 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
1700 | switch (request.HttpMethod) | 1701 | switch (request.HttpMethod) |
1701 | { | 1702 | { |
1702 | case "OPTIONS": | 1703 | case "OPTIONS": |
1704 | response.AddHeader("Access-Control-Allow-Origin", "*"); | ||
1705 | response.AddHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS"); | ||
1706 | response.AddHeader("Access-Control-Allow-Headers", "Content-Type"); | ||
1703 | response.StatusCode = (int)OSHttpStatusCode.SuccessOk; | 1707 | response.StatusCode = (int)OSHttpStatusCode.SuccessOk; |
1704 | return null; | 1708 | return null; |
1705 | 1709 | ||