From e87f0312937e52b6d21b2fedc9c2c8fb23bde483 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= Date: Thu, 29 Dec 2022 17:16:42 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0CORS=E8=87=AA=E9=80=82?= =?UTF-8?q?=E5=BA=94=E8=B7=A8=E5=9F=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/nodes/http_request.go | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/internal/nodes/http_request.go b/internal/nodes/http_request.go index 35049b8..e8f744e 100644 --- a/internal/nodes/http_request.go +++ b/internal/nodes/http_request.go @@ -1556,7 +1556,7 @@ func (this *HTTPRequest) processRequestHeaders(reqHeader http.Header) { } // 是否已删除 - if this.web.ResponseHeaderPolicy.ContainsDeletedHeader(header.Name) { + if this.web.RequestHeaderPolicy.ContainsDeletedHeader(header.Name) { continue } @@ -1694,6 +1694,36 @@ func (this *HTTPRequest) processResponseHeaders(responseHeader http.Header, stat responseHeader[header.Name] = []string{headerValue} } } + + // CORS + if this.web.ResponseHeaderPolicy.CORS != nil && this.web.ResponseHeaderPolicy.CORS.IsOn { + var corsConfig = this.web.ResponseHeaderPolicy.CORS + + // Allow-Origin + if len(corsConfig.AllowOrigin) == 0 { + var origin = this.RawReq.Header.Get("Origin") + if len(origin) > 0 { + responseHeader.Set("Access-Control-Allow-Origin", origin) + } + } else { + responseHeader.Set("Access-Control-Allow-Origin", corsConfig.AllowOrigin) + } + + // Allow-Methods + if len(corsConfig.AllowMethods) == 0 { + responseHeader.Set("Access-Control-Allow-Methods", "PUT, GET, POST, DELETE, HEAD, OPTIONS") + } else { + responseHeader.Set("Access-Control-Allow-Methods", strings.Join(corsConfig.AllowMethods, ", ")) + } + + // Max-Age + if corsConfig.MaxAge > 0 { + responseHeader.Set("Access-Control-Max-Age", types.String(corsConfig.MaxAge)) + } + + // Allow-Credentials + responseHeader.Set("Access-Control-Allow-Credentials", "true") + } } // HSTS