Committer: vtroitsky
LJSUP-11268: Support Cross-Origin Resource Sharing for LJ XMLRPC API, http://www.w3.org/TR/cors/ U trunk/cgi-bin/Apache/LiveJournal.pm
Modified: trunk/cgi-bin/Apache/LiveJournal.pm
===================================================================
--- trunk/cgi-bin/Apache/LiveJournal.pm 2012-02-21 11:19:23 UTC (rev 21226)
+++ trunk/cgi-bin/Apache/LiveJournal.pm 2012-02-21 13:50:45 UTC (rev 21227)
@@ -309,6 +309,17 @@
LJ::Request->init($r);
}
+ # Move the following into the special OPTIONS Handler in case of appearence more OPTIONS stuff
+ if (LJ::Request->method_number == LJ::Request->M_OPTIONS && LJ::Request->uri =~ m!^/interface/xmlrpc! ) {
+ if (LJ::Request->header_in('Origin') && LJ::Request->header_in('Access-Control-Request-Method') && LJ::Request->header_in('Access-Control-Request-Headers')) {
+ # response to preflight request, see http://www.w3.org/TR/cors/
+ LJ::Request->header_out('Access-Control-Allow-Origin' => '*');
+ LJ::Request->header_out('Access-Control-Allow-Methods' => 'POST');
+ LJ::Request->header_out('Access-Control-Allow-Headers' => LJ::Request->header_in('Access-Control-Request-Headers') || 'origin, content-type');
+ }
+ return LJ::Request::DECLINED;
+ }
+
# don't deal with subrequests or OPTIONS
return LJ::Request::DECLINED
if ! LJ::Request->is_main || LJ::Request->method_number == LJ::Request->M_OPTIONS;
@@ -2197,6 +2208,7 @@
if ($RQ{'interface'} eq "xmlrpc") {
return LJ::Request::NOT_FOUND unless LJ::ModuleCheck->have('XMLRPC::Transport::HTTP');
+ LJ::Request->header_out("Access-Control-Allow-Origin",'*') if(LJ::Request->header_in('Origin'));
my $server = XMLRPC::Transport::HTTP::Apache
-> on_action(sub { die "Access denied\n" if $_[2] =~ /:|\'/ })
-> dispatch_to('LJ::XMLRPC')
