me-no-dev/ESPAsyncWebServer
1
0
Fork 1
mirror of https://github.com/me-no-dev/ESPAsyncWebServer.git synced 2025-09-28 23:30:55 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix CORS Middleware

Browse Source
This commit is contained in:
Mathieu Carbou
2024-09-25 01:33:22 +02:00
parent eacf0eb474
commit 2e65ee60df
2 changed files with 28 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/ESPAsyncWebServer.h
View File

@@ -745,6 +745,8 @@ class CorsMiddleware : public AsyncMiddleware {
void setAllowCredentials(bool credentials) { _credentials = credentials; } void setAllowCredentials(bool credentials) { _credentials = credentials; }
void setMaxAge(uint32_t seconds) { _maxAge = seconds; } void setMaxAge(uint32_t seconds) { _maxAge = seconds; }
void addCORSHeaders(AsyncWebServerResponse* response);
void run(AsyncWebServerRequest* request, ArMiddlewareNext next); void run(AsyncWebServerRequest* request, ArMiddlewareNext next);
private: private:

34
src/Middlewares.cpp
View File

@@ -58,16 +58,34 @@ void LoggingMiddleware::run(AsyncWebServerRequest* request, ArMiddlewareNext nex
} }
} }
void CorsMiddleware::addCORSHeaders(AsyncWebServerResponse* response) {
response->addHeader(F("Access-Control-Allow-Origin"), _origin.c_str());
response->addHeader(F("Access-Control-Allow-Methods"), _methods.c_str());
response->addHeader(F("Access-Control-Allow-Headers"), _headers.c_str());
response->addHeader(F("Access-Control-Allow-Credentials"), _credentials ? F("true") : F("false"));
response->addHeader(F("Access-Control-Max-Age"), String(_maxAge).c_str());
}
void CorsMiddleware::run(AsyncWebServerRequest* request, ArMiddlewareNext next) { void CorsMiddleware::run(AsyncWebServerRequest* request, ArMiddlewareNext next) {
if (request->method() == HTTP_OPTIONS && request->hasHeader(F("Origin"))) { // Origin header ? => CORS handling
AsyncWebServerResponse* response = request->beginResponse(200); if (request->hasHeader(F("Origin"))) {
response->addHeader(F("Access-Control-Allow-Origin"), _origin.c_str()); // check if this is a preflight request => handle it and return
response->addHeader(F("Access-Control-Allow-Methods"), _methods.c_str()); if (request->method() == HTTP_OPTIONS) {
response->addHeader(F("Access-Control-Allow-Headers"), _headers.c_str()); AsyncWebServerResponse* response = request->beginResponse(200);
response->addHeader(F("Access-Control-Allow-Credentials"), _credentials ? F("true") : F("false")); addCORSHeaders(response);
response->addHeader(F("Access-Control-Max-Age"), String(_maxAge).c_str()); request->send(response);
request->send(response); return;
}
// CORS request, no options => let the request pass and add CORS headers after
next();
AsyncWebServerResponse* response = request->getResponse();
if (response) {
addCORSHeaders(response);
}
} else { } else {
// NO Origin header => no CORS handling
next(); next();
} }
} }