+ /*
+ * Add "Cross-origin resource sharing" (CORS) headers if enabled
+ */
+ if (NULL != csp->config->cors_allowed_origin)
+ {
+ enlist_unique_header(rsp->headers, "Access-Control-Allow-Origin",
+ strdup_or_die(csp->config->cors_allowed_origin));
+ enlist_unique_header(rsp->headers, "Access-Control-Allow-Methods", "GET,POST");
+ enlist_unique_header(rsp->headers, "Access-Control-Allow-Headers", "X-Requested-With");
+ enlist_unique_header(rsp->headers, "Access-Control-Max-Age", "86400");
+ }
+