X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=cgi.c;h=d23d9e656d74ce04d6b3b47741fc0517bbb22047;hp=226017602f61c7531c62eb5e7967f83fd0b0a7b8;hb=1020bde33b499928eb1be70c782422703eeb0e64;hpb=9b1a4d7e6645b3e2987f67fe3d4d22ae617457f7

diff --git a/cgi.c b/cgi.c
index 22601760..d23d9e65 100644
--- a/cgi.c
+++ b/cgi.c
@@ -8,7 +8,7 @@
  *                actual handler functions are declared elsewhere.
  *
  * Copyright   :  Written by and Copyright (C) 2001-2017
- *                members of the Privoxy team. http://www.privoxy.org/
+ *                members of the Privoxy team. https://www.privoxy.org/
  *
  *                Based on the Internet Junkbuster originally written
  *                by and Copyright (C) 1997 Anonymous Coders and
@@ -978,6 +978,9 @@ struct http_response *error_response(struct client_state *csp,
          case SOCKS_5T:
             socks_type = "socks5t-";
             break;
+         case FORWARD_WEBSERVER:
+            socks_type = "webserver-";
+            break;
          default:
             log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type);
       }
@@ -1585,6 +1588,18 @@ struct http_response *finish_http_response(struct client_state *csp, struct http
       return rsp;
    }
 
+   /*
+    * Add "Cross-origin resource sharing" (CORS) headers if enabled
+    */
+   if (NULL != csp->config->cors_allowed_origin)
+   {
+      enlist_unique_header(rsp->headers, "Access-Control-Allow-Origin",
+         strdup_or_die(csp->config->cors_allowed_origin));
+      enlist_unique_header(rsp->headers, "Access-Control-Allow-Methods", "GET,POST");
+      enlist_unique_header(rsp->headers, "Access-Control-Allow-Headers", "X-Requested-With");
+      enlist_unique_header(rsp->headers, "Access-Control-Max-Age", "86400");
+   }
+
    /*
     * Fill in the HTTP Status, using HTTP/1.1
     * unless the client asked for HTTP/1.0.