authorization: set private network CORS header

In the future, an `Access-Control-Request-Private-Network` header will be sent with
these requests, and servers must respond with `Access-Control-Allow-Private-Network`.

This will start with the next Chrome version (104), and Mozilla has marked the
standard as "worth prototyping", which often leads to final implementation.

Signed-off-by: Franklyn Tackitt <git@frank.af>
Frank Tackitt 2022-07-19 11:25:18 -07:00 committed by GitHub
parent 9fea1634b1
commit 7cd29c068d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions

@ -799,6 +799,11 @@ class Authorization:
"Origin, Accept, Content-Type, X-Requested-With, " "Origin, Accept, Content-Type, X-Requested-With, "
"X-CRSF-Token, Authorization, X-Access-Token, " "X-CRSF-Token, Authorization, X-Access-Token, "
"X-Api-Key") "X-Api-Key")
if req_hdlr.request.headers.get(
"Access-Control-Request-Private-Network", None) == "true":
req_hdlr.set_header(
"Access-Control-Allow-Private-Network",
"true")
def cors_enabled(self) -> bool: def cors_enabled(self) -> bool:
return self.cors_domains is not None return self.cors_domains is not None
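
Review bot: The new `if` on `Access-Control-Request-Private-Network` answers `Access-Control-Allow-Private-Network: true` to any request that carries the header, and nothing in the visible lines shows that the request's Origin was matched against `cors_domains` before this point. This response header is what lets a page from a public origin reach a server on a private network, so please confirm the block sits inside the origin-matched branch (or move it there), and add a short comment above it explaining why the header is echoed. Minor: the explicit `None` default in `.get("Access-Control-Request-Private-Network", None)` is redundant and can be dropped.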