[mythtv-firehose] mythtv branch master updated by bmeek. v29-pre-95-g5292483

Git Repo Owner noreply at mythtv.org
Fri Jun 24 17:11:26 UTC 2016


The branch, master has been updated on the
mythtv repository by gitolite user bmeek.
       via  5292483764357d86f6dc2b155b262c2c072748da (commit)
      from  e7deca28e8e52f4dd6463b92cc49c22f6745e6ad (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5292483764357d86f6dc2b155b262c2c072748da
Author:    Bill Meek <bmeek at mythtv.org> at Fri, 24 Jun 2016 12:04:21 -0500
Committer: Bill Meek <bmeek at mythtv.org> at Fri, 24 Jun 2016 12:04:21 -0500
URL:       http://code.mythtv.org/cgit/mythtv/commit/?id=5292483764357d86f6dc2b155b262c2c072748da

HTTP Server: Provide additional CORS support
This commit adds a new AllowedOriginsList setting that
stores a comma separated list of Origins. If the setting
is missing, the list defaults to:

    https://chromecast.mythtv.org
    http://chromecast.mythtvcast.com

Access-Control-Allow -Credentials and -Headers were also
added to the response to support Chromecast.

A TODO item is closed by adding the hostname to
the existing list of IP addresses (no change in
the ports checked.)

Note that previously, if ResponseTypeFile was found, the
CORS header wasn't being added. This caused the Chromecast
feature to fail.

There is no GUI. Clients have the ability to change the value
with the Services API. May need to rethink using settings as
this is a security risk.

For example, it a valid Origin exists in the request, the
following will appear in the response:

    Access-Control-Allow-Origin: https://example.com
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Headers: Content-Type

If there is no match, an existing critical log will fire:

    Cross-origin request received with origin (https://example.net)

Missing http://, https:// or a '*' character in list entries will
be ignored, and the following will be logged:

    Illegal AllowedOriginsList entry '*'. Must start with http[s]:// and not be *



-----------------------------------------------------------------------

Summary of changes:
 mythtv/libs/libmythupnp/httprequest.cpp |  172 +++++++++++++++++++-----------
 mythtv/libs/libmythupnp/httprequest.h   |   55 +++++-----
 2 files changed, 137 insertions(+), 90 deletions(-)

-- 



More information about the mythtv-firehose mailing list