Close

When to enable CORS

A project log for micro HTTP server in C

Connect your browser to your smart devices, using a minimalist HTTP compliant server written in POSIX/C

Yann Guidon / YGDESYann Guidon / YGDES 03/31/2017 at 22:340 Comments

You will find these lines in the beginning of HTTaP.h :

#ifndef  ACCESS_CONTROL_ALLOW_ORIGIN
  #ifndef HTTAP_SERVE_FILES
    #define ACCESS_CONTROL_ALLOW_ORIGIN "Access-Control-Allow-Origin: *\x0d\x0a"
  #else
    #define ACCESS_CONTROL_ALLOW_ORIGIN
  #endif
#endif

This code covers two usual situations :

There are other corner cases and you are free to combine the parameters, but you must examine the risks and benefits of each configuration. If you want to override the default behaviour, just define ACCESS_CONTROL_ALLOW_ORIGIN yourself on the compiler's command line for example.

Discussions