darkhttpd

Commit Graph

Author	SHA1	Message	Date
André Kugland	defc1e8ce9	Custom headers with the CLI option `--header` (#28 ) These changes add a command-line option --header, e.g. --header 'Access-Control-Allow-Origin: *'. Basic tests are included for this option. When accepting the argument, a very simple sanitization is made, the string is required to contain ": ", and can’t contain a '\n' character. These checks are far from what is required to truly validate a HTTP header, but will at least detect simple mistakes and forbid the abuse of having arguments that include more than one header, or, worse, that include a body for the response (after "\r\n\r\n"). This should also close the Issue #16 and PR #27, I think, since CORS functionality can be obtained by specifying a custom header.	2022-12-06 21:46:52 +11:00

Author

SHA1

Message

Date

André Kugland

defc1e8ce9

Custom headers with the CLI option `--header` (#28 )

These changes add a command-line option --header, e.g. --header 'Access-Control-Allow-Origin: *'.

Basic tests are included for this option.

When accepting the argument, a very simple sanitization is made, the string is required to contain ": ", and can’t contain a '\n' character. These checks are far from what is required to truly validate a HTTP header, but will at least detect simple mistakes and forbid the abuse of having arguments that include more than one header, or, worse, that include a body for the response (after "\r\n\r\n").

This should also close the Issue #16 and PR #27, I think, since CORS functionality can be obtained by specifying a custom header.

2022-12-06 21:46:52 +11:00

1 Commits