Changes fix some CORS problems when making XMLRPC calls from

browsers (which have gotten very picky over the years).
Add "Access-Control-Allow-Origin" to XMLRPC responses.
Add "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers" to
    the HTTP OPTIONS response (used in CORS pre-flight request).
0.9.1.0-post-fixes
Robert Adams 2019-09-17 19:30:30 -07:00
parent 645c0c780d
commit 9956f5cb4a
1 changed files with 4 additions and 0 deletions

View File

@ -1262,6 +1262,7 @@ namespace OpenSim.Framework.Servers.HttpServer
// if the method wasn't found, we can't determine KeepAlive state anyway, so lets do it only here // if the method wasn't found, we can't determine KeepAlive state anyway, so lets do it only here
response.KeepAlive = keepAlive; response.KeepAlive = keepAlive;
response.AddHeader("Access-Control-Allow-Origin", "*");
} }
else else
{ {
@ -1700,6 +1701,9 @@ namespace OpenSim.Framework.Servers.HttpServer
switch (request.HttpMethod) switch (request.HttpMethod)
{ {
case "OPTIONS": case "OPTIONS":
response.AddHeader("Access-Control-Allow-Origin", "*");
response.AddHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS");
response.AddHeader("Access-Control-Allow-Headers", "Content-Type");
response.StatusCode = (int)OSHttpStatusCode.SuccessOk; response.StatusCode = (int)OSHttpStatusCode.SuccessOk;
return null; return null;