http: add configurable cors origin

diff --git a/src/config.c b/src/config.c
index 48f45c5a3bf51f56dd2200f84a91efb4fd5aad5f..e1f250c2115d664a639c67ae80aaadfed89ca4ee 100644 (file)
--- a/src/config.c
+++ b/src/config.c
@@ -1646,6 +1646,7 @@ void config_done ( void )
   free(config.muxconf_path);
   free(config.chicon_path);
   free(config.picon_path);
+  free(config.cors_origin);
   file_unlock(config_lock, config_lock_fd);
 }
 
@@ -1669,6 +1670,38 @@ static void config_class_save(idnode_t *self)
   config_save();
 }
 
+static int
+config_class_cors_origin_set ( void *o, const void *v )
+{
+  const char *s = v;
+  url_t u;
+
+  while (s && *s && *s <= ' ')
+    s++;
+  if (*s == '*') {
+    prop_sbuf[0] = '*';
+    prop_sbuf[1] = '\0';
+  } else {
+    memset(&u, 0, sizeof(u));
+    urlparse(s, &u);
+    if (u.scheme && (!strcmp(u.scheme, "http") || !strcmp(u.scheme, "https")) && u.host) {
+      if (u.port)
+        snprintf(prop_sbuf, PROP_SBUF_LEN, "%s://%s:%d", u.scheme, u.host, u.port);
+      else
+        snprintf(prop_sbuf, PROP_SBUF_LEN, "%s://%s", u.scheme, u.host);
+    } else {
+      prop_sbuf[0] = '\0';
+    }
+    urlreset(&u);
+  }
+  if (strcmp(prop_sbuf, config.cors_origin ?: "")) {
+    free(config.cors_origin);
+    config.cors_origin = strdup(prop_sbuf);
+    return 1;
+  }
+  return 0;
+}
+
 static const void *
 config_class_language_get ( void *o )
 {
@@ -1752,6 +1785,14 @@ const idclass_t config_class = {
       .off    = offsetof(config_t, server_name),
       .group  = 1
     },
+    {
+      .type   = PT_STR,
+      .id     = "cors_origin",
+      .name   = N_("HTTP CORS Origin"),
+      .set    = config_class_cors_origin_set,
+      .off    = offsetof(config_t, cors_origin),
+      .group  = 1
+    },
     {
       .type   = PT_STR,
       .islist = 1,

diff --git a/src/config.h b/src/config.h
index 74ec98e2f044638fb64592632a3ff867fe1b0d57..ab15c3703a0ccc88ad341f7b18245550279e29ad 100644 (file)
--- a/src/config.h
+++ b/src/config.h
@@ -40,6 +40,7 @@ typedef struct config {
   int tvhtime_update_enabled;
   int tvhtime_ntp_enabled;
   uint32_t tvhtime_tolerance;
+  char *cors_origin;
 } config_t;
 
 extern const idclass_t config_class;

diff --git a/src/http.c b/src/http.c
index 54df47b2b4741bd8eef55e7af7a85af84149626a..d132f13729197a37e3a487a88a1ac7807aaa63c9 100644 (file)
--- a/src/http.c
+++ b/src/http.c
@@ -38,6 +38,7 @@
 #include "access.h"
 #include "notify.h"
 #include "channels.h"
+#include "config.h"
 
 #if ENABLE_ANDROID
 #include <sys/socket.h>
@@ -237,9 +238,11 @@ http_send_header(http_connection_t *hc, int rc, const char *content,
 
   if (hc->hc_version != RTSP_VERSION_1_0){
     htsbuf_qprintf(&hdrs, "Server: HTS/tvheadend\r\n");
-    htsbuf_qprintf(&hdrs, "Access-Control-Allow-Origin: *\r\n");
-    htsbuf_qprintf(&hdrs, "Access-Control-Allow-Methods: POST, GET\r\n");
-    htsbuf_qprintf(&hdrs, "Access-Control-Allow-Headers: x-requested-with\r\n");
+    if (config.cors_origin && config.cors_origin[0]) {
+      htsbuf_qprintf(&hdrs, "Access-Control-Allow-Origin: %s\r\n", config.cors_origin);
+      htsbuf_qprintf(&hdrs, "Access-Control-Allow-Methods: POST, GET\r\n");
+      htsbuf_qprintf(&hdrs, "Access-Control-Allow-Headers: x-requested-with\r\n");
+    }
   }
   
   if(maxage == 0) {