[Libwebsockets] How to make a http-server which support cross-domain

Mr.zhang zamxqun at 163.com
Tue Aug 3 09:21:02 CEST 2021


Dear Andy:<br/>      Thank you for your help.   English is not my mother tongue.  I speak Chinese.<br/>So I can not fully understand what you have wrote.  I try this:<br/>static const<br/>struct lws_protocol_vhost_options pvo_hsbph[] = { {<br/>	NULL, NULL, "referrer-policy:", "no-referrer"<br/>}, {<br/>	&pvo_hsbph[0], NULL, "x-frame-options:", "deny"<br/>}, {<br/>	&pvo_hsbph[1], NULL, "x-xss-protection:", "1; mode=block"<br/>}, {<br/>	&pvo_hsbph[2], NULL, "x-content-type-options:", "nosniff"<br/>}, {<br/>	&pvo_hsbph[3], NULL, "content-security-policy:",<br/>	"default-src 'none'; img-src 'self' data: ; "<br/>		"script-src 'self'; font-src 'self'; "<br/>		"style-src 'self'; connect-src 'self' ws: wss:; "<br/>		"frame-ancestors 'none'; base-uri 'none';"<br/>		"form-action 'self';"<br/>} ,{<br/>	&pvo_hsbph[4], NULL, "access-control-allow-origin","*"<br/>} };<br/>struct lws_context_creation_info info;<br/>info.headers = &pvo_hsbph[5];<br/><br/>Is this right for access-control-allow-origin?<br/>Best Regards<br/>--Aiming Zhang
At 2021-08-02 20:26:58, "Andy Green" <andy at warmcat.com> wrote:
>
>
>On 8/2/21 12:21 PM, Mr.zhang wrote:
>> Dear:
>>        Please tell me how  to make a http-server which support 
>> cross-domain with libwebsocket.
>> such as  "res.header('Access-Control-Allow-Origin " in other http 
>> server. Thank you
>> .header('Access-Control-Allow-Origin', '*')
>
>You can associate static headers with a vhost, at vhost creation time.
>
>https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-context-vhost.h#n299-301
>
>Create a linked-list of pvos containing the header info like this (with 
>whatever headers you want to go out from the vhost)
>
>static const
>struct lws_protocol_vhost_options pvo_hsbph[] = {{
>	NULL, NULL, "referrer-policy:", "no-referrer"
>}, {
>	&pvo_hsbph[0], NULL, "x-frame-options:", "deny"
>}, {
>	&pvo_hsbph[1], NULL, "x-xss-protection:", "1; mode=block"
>}, {
>	&pvo_hsbph[2], NULL, "x-content-type-options:", "nosniff"
>}, {
>	&pvo_hsbph[3], NULL, "content-security-policy:",
>	"default-src 'none'; img-src 'self' data: ; "
>		"script-src 'self'; font-src 'self'; "
>		"style-src 'self'; connect-src 'self' ws: wss:; "
>		"frame-ancestors 'none'; base-uri 'none';"
>		"form-action 'self';"
>}};
>
>Then set the vhost info.headers to, in the example above, &pvo_hsbph[4];
>
>That will cause that set of headers to be added to everything served on 
>the vhost.
>
>-Andy


More information about the Libwebsockets mailing list