You will find these lines in the beginning of HTTaP.h :
#ifndef ACCESS_CONTROL_ALLOW_ORIGIN #ifndef HTTAP_SERVE_FILES #define ACCESS_CONTROL_ALLOW_ORIGIN "Access-Control-Allow-Origin: *\x0d\x0a" #else #define ACCESS_CONTROL_ALLOW_ORIGIN #endif #endif
This code covers two usual situations :
- #define HTTAP_SERVE_FILE :
The server includes the static file server, the browser can fetch files and send HTTaP commands to the same IP address and port, everything is great. No need to declare CORS.
- #undef HTTAP_SERVE_FILE ;
The server doesn't implement the file server : the browser gets the HTML pages from a different IP/port pair and the "Same Origins Policy" enforced by web clients will block HTTaP traffic. You must enable CORS so the HTML/JS files that are served by a different server (maybe Apache, on a different port and IP address) can use this server.
There are other corner cases and you are free to combine the parameters, but you must examine the risks and benefits of each configuration. If you want to override the default behaviour, just define ACCESS_CONTROL_ALLOW_ORIGIN yourself on the compiler's command line for example.