simplify handling of Allow-Credentials Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/e32b00a2 Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/e32b00a2 Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/e32b00a2 Branch: refs/heads/431-feature-cors Commit: e32b00a286466838136ab41baa4f72bc04379e8e Parents: dd59ddf Author: Jan Lehnardt Authored: Thu Nov 8 22:50:07 2012 +0100 Committer: Jan Lehnardt Committed: Sun Nov 11 16:11:15 2012 +0000 ---------------------------------------------------------------------- src/couchdb/couch_httpd_cors.erl | 37 ++++++++++++++------------------ 1 files changed, 16 insertions(+), 21 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb/blob/e32b00a2/src/couchdb/couch_httpd_cors.erl ---------------------------------------------------------------------- diff --git a/src/couchdb/couch_httpd_cors.erl b/src/couchdb/couch_httpd_cors.erl index e14917f..c3caa5c 100644 --- a/src/couchdb/couch_httpd_cors.erl +++ b/src/couchdb/couch_httpd_cors.erl @@ -82,14 +82,8 @@ handle_cors_headers(Origin, Host, AcceptedOrigins) -> make_cors_header(Origin, Host) -> - Credentials = credentials(Origin, Host), - [{"Access-Control-Allow-Origin", Origin}] - ++ make_cors_header_credentials(Credentials). - -make_cors_header_credentials(true) -> - [{"Access-Control-Allow-Credentials", "true"}]; -make_cors_header_credentials(false) -> - []. + Headers = [{"Access-Control-Allow-Origin", Origin}], + maybe_add_credentials(Origin, Host, Headers). preflight_request(MochiReq) -> Host = couch_httpd_vhost:host(MochiReq), @@ -130,19 +124,11 @@ handle_preflight_request(Origin, Host, MochiReq) -> % get max age MaxAge = cors_config(Host, "max_age", ?CORS_DEFAULT_MAX_AGE), - PreflightHeaders0 = case credentials(Origin, Host) of - true -> - [{"Access-Control-Allow-Origin", Origin}, - {"Access-Control-Allow-Credentials", "true"}, - {"Access-Control-Max-Age", MaxAge}, - {"Access-Control-Allow-Methods", string:join(SupportedMethods, - ", ")}]; - false -> - [{"Access-Control-Allow-Origin", Origin}, - {"Access-Control-Max-Age", MaxAge}, - {"Access-Control-Allow-Methods", string:join(SupportedMethods, - ", ")}] - end, + PreflightHeaders0 = maybe_add_credentials(Origin, Host, [ + {"Access-Control-Allow-Origin", Origin}, + {"Access-Control-Max-Age", MaxAge}, + {"Access-Control-Allow-Methods", + string:join(SupportedMethods, ", ")}]), case MochiReq:get_header_value("Access-Control-Request-Method") of undefined -> @@ -188,6 +174,15 @@ send_preflight_response(#httpd{mochi_req=MochiReq}=Req, Headers) -> {ok, MochiReq:respond({204, Headers2, <<>>})}. +maybe_add_credentials(Origin, Host, Headers) -> + maybe_add_credentials(Headers, credentials(Origin, Host)). + +maybe_add_credentials(Headers, false) -> + Headers; +maybe_add_credentials(Headers, true) -> + Headers ++ [{"Access-Control-Allow-Credentials", "true"}]. + + credentials("*", _Host) -> false; credentials(_Origin, Host) ->