{"Max-Forwards", HDR_MAX_FORWARDS, ftInt64},
{"Mime-Version", HDR_MIME_VERSION, ftStr}, /* for now */
{"Negotiate", HDR_NEGOTIATE, ftStr},
+ {"Origin", HDR_ORIGIN, ftStr},
{"Pragma", HDR_PRAGMA, ftStr},
{"Proxy-Authenticate", HDR_PROXY_AUTHENTICATE, ftStr},
{"Proxy-Authentication-Info", HDR_PROXY_AUTHENTICATION_INFO, ftStr},
HDR_ACCEPT_RANGES, HDR_AGE,
HDR_LOCATION, HDR_MAX_FORWARDS,
HDR_MIME_VERSION, HDR_PUBLIC, HDR_RETRY_AFTER, HDR_SERVER, HDR_SET_COOKIE, HDR_SET_COOKIE2,
+ HDR_ORIGIN,
HDR_VARY,
HDR_WARNING, HDR_PROXY_CONNECTION, HDR_X_CACHE,
HDR_X_CACHE_LOOKUP,
static http_hdr_type RequestHeadersArr[] = {
HDR_AUTHORIZATION, HDR_FROM, HDR_HOST,
HDR_IF_MATCH, HDR_IF_MODIFIED_SINCE, HDR_IF_NONE_MATCH,
- HDR_IF_RANGE, HDR_MAX_FORWARDS, HDR_PROXY_CONNECTION,
+ HDR_IF_RANGE, HDR_MAX_FORWARDS,
+ HDR_ORIGIN,
+ HDR_PROXY_CONNECTION,
HDR_PROXY_AUTHORIZATION, HDR_RANGE, HDR_REFERER, HDR_REQUEST_RANGE,
HDR_USER_AGENT, HDR_X_FORWARDED_FOR, HDR_SURROGATE_CAPABILITY
};
HDR_MIME_VERSION, /**< RFC 2626 */
HDR_NEGOTIATE, /**< experimental RFC 2295. Why only this one from 2295? */
/*HDR_OVERWRITE,*/ /* RFC 2518 */
+ HDR_ORIGIN, /* CORS Draft specification (see http://www.w3.org/TR/cors/) */
HDR_PRAGMA, /**< deprecated RFC 2068,2616 header we may need to erase */
HDR_PROXY_AUTHENTICATE, /**< RFC 2608, 2616, 2617 */
HDR_PROXY_AUTHENTICATION_INFO, /**< RFC 2617 */
*/
rep->header.putAuth("Basic", actionName);
#endif
+ // Allow cachemgr and other XHR scripts access to our version string
+ if (request->header.has(HDR_ORIGIN)) {
+ rep->header.putExt("Access-Control-Allow-Origin",request->header.getStr(HDR_ORIGIN));
+#if HAVE_AUTH_MODULE_BASIC
+ rep->header.putExt("Access-Control-Allow-Credentials","true");
+#endif
+ rep->header.putExt("Access-Control-Expose-Headers","Server");
+ }
/* store the reply */
entry->replaceHttpReply(rep);
return;
}
+ if (request->header.has(HDR_ORIGIN)) {
+ cmd->params.httpOrigin = request->header.getStr(HDR_ORIGIN);
+ }
+
debugs(16, 2, "CacheManager: " <<
userName << "@" <<
client << " requesting '" <<
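Review bot: Echoing the request's Origin value into `Access-Control-Allow-Origin` and pairing it with `Access-Control-Allow-Credentials: true` makes every origin a trusted one, so any page open in an administrator's browser can issue credentialed requests to the cache manager and read the replies. The same pattern is repeated in the `writeHttpHeader` hunk, where it applies to the successful reply, and the value stored in `cmd->params.httpOrigin` feeds it without any check. The header should be emitted only when Origin matches an explicitly configured set of trusted manager origins (no such list is visible in this patch), and `Access-Control-Allow-Credentials` should be omitted otherwise. Because the reply now varies with the request, `rep->header.putStr(HDR_VARY, "Origin");` would also be appropriate next to the reflected header. The enclosing function starts and ends outside this hunk.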
if (writeHttpHeader) {
HttpReply *rep = new HttpReply;
rep->setHeaders(HTTP_OK, NULL, "text/plain", -1, squid_curtime, squid_curtime);
+ // Allow cachemgr and other XHR scripts access to our version string
+ const ActionParams ¶ms = command().params;
+ if (params.httpOrigin.size() > 0) {
+ rep->header.putExt("Access-Control-Allow-Origin", params.httpOrigin.termedBuf());
+#if HAVE_AUTH_MODULE_BASIC
+ rep->header.putExt("Access-Control-Allow-Credentials","true");
+#endif
+ rep->header.putExt("Access-Control-Expose-Headers","Server");
+ }
entry->replaceHttpReply(rep);
}
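Review bot: The comment copied onto this block says the headers give scripts access to "our version string", but here they are attached to the `HTTP_OK` reply built under `writeHttpHeader`, so a permitted origin can presumably read the whole action output rather than just the `Server` header. I would reword it to something like `// CORS: let the requesting origin read this manager reply; only Server is exposed as an extra header`. The enclosing function starts outside the hunk.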
httpMethod = static_cast<_method_t>(m);
msg.getPod(httpFlags);
+ msg.getString(httpOrigin);
msg.getString(actionName);
msg.getString(userName);
msg.putString(httpUri);
msg.putInt(httpMethod);
msg.putPod(httpFlags);
+ msg.putString(httpOrigin);
msg.putString(actionName);
msg.putString(userName);
String httpUri; ///< HTTP request URI
_method_t httpMethod; ///< HTTP request method
request_flags httpFlags; ///< HTTP request flags
+ String httpOrigin; ///< HTTP Origin: header (if any)
/* action parameters extracted from the client HTTP request */
String actionName; ///< action name (and credentials realm)