From 184866532aac9fafb99af0a32455dfc27c749bd3 Mon Sep 17 00:00:00 2001
From: Jordan Bancino <jordan@bancino.net>
Date: Wed, 14 Sep 2022 17:15:05 -0400
Subject: [PATCH] Spec: Implement CORS

---
 src/Matrix.c | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/Matrix.c b/src/Matrix.c
index 878e95f..ca4775b 100644
--- a/src/Matrix.c
+++ b/src/Matrix.c
@@ -54,15 +54,34 @@ MatrixHttpHandler(HttpServerContext * context, void *argp)
     }
     LogConfigUnindent(lc);
 
-
     HttpResponseStatus(context, HTTP_OK);
     HttpResponseHeader(context, "Server", "Telodendria v" TELODENDRIA_VERSION);
     HttpResponseHeader(context, "Content-Type", "application/json");
 
-    HttpSendHeaders(context);
+    /* CORS */
+    HttpResponseHeader(context, "Access-Control-Allow-Origin", "*");
+    HttpResponseHeader(context, "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+    HttpResponseHeader(context, "Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Authorization");
 
+    /*
+     * Web Browser Clients: Servers MUST expect that clients will approach them
+     * with OPTIONS requests... the server MUST NOT perform any logic defined
+     * for the endpoints when approached with an OPTIONS request.
+     */
+    if (HttpRequestMethodGet(context) == HTTP_OPTIONS)
+    {
+        HttpResponseStatus(context, HTTP_NO_CONTENT);
+        HttpSendHeaders(context);
+
+        goto finish;
+    }
+
+	HttpSendHeaders(context);
+	stream = HttpStream(context);
+	fprintf(stream, "{}\n");
+
+finish:
     stream = HttpStream(context);
-    fprintf(stream, "{}\n");
     fclose(stream);
 
     LogConfigUnindent(lc);