From f6ac39ade5c08e65c07d622bad6becac00eef834 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=81=E8=A1=B2=E4=B8=8D=E5=87=BA=E5=AE=B6?= Date: Fri, 12 May 2023 11:47:22 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E5=85=81=E8=AE=B8=E6=89=80?= =?UTF-8?q?=E6=9C=89=E8=B7=A8=E5=9F=9F=E8=AF=B7=E6=B1=82=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E9=A1=B9=20(#2449)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 配置项为http.allow_cross_domains --- conf/config.ini | 2 ++ src/Common/config.cpp | 2 ++ src/Common/config.h | 2 ++ src/Http/HttpSession.cpp | 9 +++++++-- 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/conf/config.ini b/conf/config.ini index 8950b299..d2b2c0dd 100644 --- a/conf/config.ini +++ b/conf/config.ini @@ -230,6 +230,8 @@ forbidCacheSuffix= #可以把http代理前真实客户端ip放在http头中:https://github.com/ZLMediaKit/ZLMediaKit/issues/1388 #切勿暴露此key,否则可能导致伪造客户端ip forwarded_ip_header= +#默认允许所有跨域请求 +allow_cross_domains=1 [multicast] #rtp组播截止组播ip地址 diff --git a/src/Common/config.cpp b/src/Common/config.cpp index cae98d55..1654c61c 100644 --- a/src/Common/config.cpp +++ b/src/Common/config.cpp @@ -159,6 +159,7 @@ const string kNotFound = HTTP_FIELD "notFound"; const string kDirMenu = HTTP_FIELD "dirMenu"; const string kForbidCacheSuffix = HTTP_FIELD "forbidCacheSuffix"; const string kForwardedIpHeader = HTTP_FIELD "forwarded_ip_header"; +const string kAllowCrossDomains = HTTP_FIELD "allow_cross_domains"; static onceToken token([]() { mINI::Instance()[kSendBufSize] = 64 * 1024; @@ -186,6 +187,7 @@ static onceToken token([]() { << endl; mINI::Instance()[kForbidCacheSuffix] = ""; mINI::Instance()[kForwardedIpHeader] = ""; + mINI::Instance()[kAllowCrossDomains] = 1; }); } // namespace Http diff --git a/src/Common/config.h b/src/Common/config.h index 146c6067..ea874d64 100644 --- a/src/Common/config.h +++ b/src/Common/config.h @@ -246,6 +246,8 @@ extern const std::string kDirMenu; extern const std::string kForbidCacheSuffix; // 可以把http代理前真实客户端ip放在http头中:https://github.com/ZLMediaKit/ZLMediaKit/issues/1388 extern const std::string kForwardedIpHeader; +// 是否允许所有跨域请求 +extern const std::string kAllowCrossDomains; } // namespace Http ////////////SHELL配置/////////// diff --git a/src/Http/HttpSession.cpp b/src/Http/HttpSession.cpp index a990f98b..c1a045f6 100644 --- a/src/Http/HttpSession.cpp +++ b/src/Http/HttpSession.cpp @@ -39,8 +39,13 @@ void HttpSession::Handle_Req_HEAD(ssize_t &content_len){ void HttpSession::Handle_Req_OPTIONS(ssize_t &content_len) { KeyValue header; - header.emplace("Allow", "GET, POST, OPTIONS"); - header.emplace("Access-Control-Allow-Origin", "*"); + header.emplace("Allow", "GET, POST, HEAD, OPTIONS"); + GET_CONFIG(bool, allow_cross_domains, Http::kAllowCrossDomains); + if (allow_cross_domains) { + header.emplace("Access-Control-Allow-Origin", "*"); + header.emplace("Access-Control-Allow-Headers", "*"); + header.emplace("Access-Control-Allow-Methods", "GET, POST, HEAD, OPTIONS"); + } header.emplace("Access-Control-Allow-Credentials", "true"); header.emplace("Access-Control-Request-Methods", "GET, POST, OPTIONS"); header.emplace("Access-Control-Request-Headers", "Accept,Accept-Language,Content-Language,Content-Type");