From 5112e90616e7c17400107e7a6dffac7f92cbbfe2 Mon Sep 17 00:00:00 2001 From: Bryce Kahle Date: Mon, 13 Oct 2014 20:23:44 -0400 Subject: [PATCH 1/3] Add CORS headers to eventsource --- src/trans-eventsource.coffee | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/trans-eventsource.coffee b/src/trans-eventsource.coffee index 170cc79f..16f81e3b 100644 --- a/src/trans-eventsource.coffee +++ b/src/trans-eventsource.coffee @@ -20,7 +20,18 @@ class EventSourceReceiver extends transport.ResponseReceiver exports.app = eventsource: (req, res) -> + if !req.headers['origin'] or req.headers['origin'] is 'null' + origin = '*' + else + origin = req.headers['origin'] res.setHeader('Content-Type', 'text/event-stream; charset=UTF-8') + res.setHeader('Access-Control-Allow-Origin', origin) + res.setHeader('Vary', 'Origin') + headers = req.headers['access-control-request-headers'] + if headers + res.setHeader('Access-Control-Allow-Headers', headers) + res.setHeader('Access-Control-Allow-Credentials', 'true') + res.writeHead(200) # Opera needs one more new line at the start. res.write('\r\n') From 4eaa6f59a73ee955fa8d405fb4af78db6cecec73 Mon Sep 17 00:00:00 2001 From: Bryce Kahle Date: Tue, 14 Oct 2014 11:01:51 -0400 Subject: [PATCH 2/3] Fix usage of Access-Control-Allow-Credentials --- src/trans-eventsource.coffee | 4 ++-- src/trans-xhr.coffee | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/trans-eventsource.coffee b/src/trans-eventsource.coffee index 16f81e3b..d56a441e 100644 --- a/src/trans-eventsource.coffee +++ b/src/trans-eventsource.coffee @@ -24,14 +24,14 @@ exports.app = origin = '*' else origin = req.headers['origin'] + res.setHeader('Access-Control-Allow-Credentials', 'true') res.setHeader('Content-Type', 'text/event-stream; charset=UTF-8') res.setHeader('Access-Control-Allow-Origin', origin) res.setHeader('Vary', 'Origin') headers = req.headers['access-control-request-headers'] if headers res.setHeader('Access-Control-Allow-Headers', headers) - res.setHeader('Access-Control-Allow-Credentials', 'true') - + res.writeHead(200) # Opera needs one more new line at the start. res.write('\r\n') diff --git a/src/trans-xhr.coffee b/src/trans-xhr.coffee index 056782e0..793f7235 100644 --- a/src/trans-xhr.coffee +++ b/src/trans-xhr.coffee @@ -61,12 +61,12 @@ exports.app = origin = '*' else origin = req.headers['origin'] + res.setHeader('Access-Control-Allow-Credentials', 'true') res.setHeader('Access-Control-Allow-Origin', origin) res.setHeader('Vary', 'Origin') headers = req.headers['access-control-request-headers'] if headers res.setHeader('Access-Control-Allow-Headers', headers) - res.setHeader('Access-Control-Allow-Credentials', 'true') return content xhr_poll: (req, res, _, next_filter) -> From d3b6c0626761f18c354255df68d51fcbeed90286 Mon Sep 17 00:00:00 2001 From: Bryce Kahle Date: Tue, 14 Oct 2014 11:06:17 -0400 Subject: [PATCH 3/3] Remove charset from even source. Spec says it is always utf-8. --- src/trans-eventsource.coffee | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/trans-eventsource.coffee b/src/trans-eventsource.coffee index d56a441e..d1d81145 100644 --- a/src/trans-eventsource.coffee +++ b/src/trans-eventsource.coffee @@ -25,7 +25,7 @@ exports.app = else origin = req.headers['origin'] res.setHeader('Access-Control-Allow-Credentials', 'true') - res.setHeader('Content-Type', 'text/event-stream; charset=UTF-8') + res.setHeader('Content-Type', 'text/event-stream') res.setHeader('Access-Control-Allow-Origin', origin) res.setHeader('Vary', 'Origin') headers = req.headers['access-control-request-headers']