|
@@ -1666,7 +1666,7 @@ begin
|
|
|
end
|
|
end
|
|
|
else
|
|
else
|
|
|
begin
|
|
begin
|
|
|
- IO.Response.SetCustomHeader('Access-Control-Allow-Origin',ResolvedCORSAllowedOrigins);
|
|
|
|
|
|
|
+ IO.Response.SetCustomHeader('Access-Control-Allow-Origin',ResolvedCORSAllowedOrigins(IO.Request));
|
|
|
S:=IO.Resource.GetHTTPAllow;
|
|
S:=IO.Resource.GetHTTPAllow;
|
|
|
IO.Response.SetCustomHeader('Access-Control-Allow-Methods',S);
|
|
IO.Response.SetCustomHeader('Access-Control-Allow-Methods',S);
|
|
|
IO.Response.SetCustomHeader('Access-Control-Allow-Headers','x-requested-with, content-type, authorization');
|
|
IO.Response.SetCustomHeader('Access-Control-Allow-Headers','x-requested-with, content-type, authorization');
|
|
@@ -1706,7 +1706,7 @@ begin
|
|
|
Conn.OnLog:[email protected];
|
|
Conn.OnLog:[email protected];
|
|
|
end;
|
|
end;
|
|
|
if (rdoHandleCORS in DispatchOptions) then
|
|
if (rdoHandleCORS in DispatchOptions) then
|
|
|
- IO.Response.SetCustomHeader('Access-Control-Allow-Origin',ResolvedCORSAllowedOrigins);
|
|
|
|
|
|
|
+ IO.Response.SetCustomHeader('Access-Control-Allow-Origin',ResolvedCORSAllowedOrigins(IO.Request));
|
|
|
if not AuthenticateRequest(IO,True) then
|
|
if not AuthenticateRequest(IO,True) then
|
|
|
exit;
|
|
exit;
|
|
|
if Not CheckResourceAccess(IO) then
|
|
if Not CheckResourceAccess(IO) then
|
michael