
#197 Could there be an option to enable cross site JavaScript access

closed
nobody
None
5
2012-09-28
2011-08-02
toki
No

I'm using aria2 rpc with my own Chrome extension, but Chrome (and most modern browsers) doesn't accept cross site XHR (XML HTTP Request) to aria2 JSON RPC since the location of Chrome extension is treated as a NULL ORIGIN.

I've found a way of bypassing the limit: just add an HTTP header to the aria2 response as: Access-Control-Allow-Origin: *

I've also tried it by patching the HttpServer.cc in aria2, here is the patch:


diff --git a/src/HttpServer.cc b/src/HttpServer.cc
index 31893c9..0a32905 100644
--- a/src/HttpServer.cc
+++ b/src/HttpServer.cc
@@ -165,6 +165,10 @@ void HttpServer::feedResponse(const std::string& status,
strappend(header, "Content-Length: ", util::uitos(text.size()), "\r\n",
"Expires: ", httpDate, "\r\n",
"Cache-Control: no-cache\r\n");
+

  • // added for cross site XHR access
  • header += "Access-Control-Allow-Origin: *\r\n";
    +
    if(supportsGZip()) {
    header += "Content-Encoding: gzip\r\n";
    }
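
Review bot: The added line header += "Access-Control-Allow-Origin: *\r\n"; in HttpServer::feedResponse is unconditional, so every response built here carries the wildcard and becomes readable by scripts from any origin. Wrap it in a condition on a configuration option that defaults to off, the same way the supportsGZip() check just below gates Content-Encoding. The comment "added for cross site XHR access" should also say which client needs it, since it does not explain why a wildcard is used rather than a specific origin.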

But for security reasons, I think it would be better if we could turn it on/off with a command line option.

Discussion

  • tujikawa - 2011-08-02

    Thank you for the patch. I agree that it is better to add an option to toggle this function.
    I'm new to this "Access-Control-Allow-Origin" header field. So after some study, I'll apply the patch to upstream.

     
  • tujikawa - 2011-08-18

    In upstream, --rpc-allow-origin-all option was added to enable/disable this feature.
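
The on/off toggle discussed in this ticket, sketched as an added example (not aria2's code and not part of the ticket): a header builder that emits the wildcard only when an opt-in flag is set, with a stricter exact-match allowlist as the alternative. The names CorsPolicy and corsHeaders and the sample origins are hypothetical.

```cpp
#include <iostream>
#include <set>
#include <string>

// Hypothetical policy object; not aria2's option handling.
struct CorsPolicy {
  bool allowAll = false;                 // opt-in wildcard, off by default
  std::set<std::string> allowedOrigins;  // exact-match allowlist
};

// Returns the CORS header lines (CRLF-terminated) to append to a response
// for a request whose Origin header value is `origin` ("" if absent).
std::string corsHeaders(const CorsPolicy& policy, const std::string& origin) {
  if (policy.allowAll) {
    // Behaviour of the patch above, but only when explicitly enabled.
    return "Access-Control-Allow-Origin: *\r\n";
  }
  // Never echo a value containing CR/LF: it would split the header block.
  if (origin.empty() || origin.find_first_of("\r\n") != std::string::npos) {
    return "";
  }
  if (policy.allowedOrigins.count(origin) == 0) {
    return "";  // unknown origin: send no CORS header, browser blocks the read
  }
  // Echo the matched origin; Vary tells caches the response depends on it.
  return "Access-Control-Allow-Origin: " + origin + "\r\nVary: Origin\r\n";
}

int main() {
  CorsPolicy strict;  // constructed sample configuration
  strict.allowedOrigins.insert("chrome-extension://constructed-id");
  std::cout << corsHeaders(strict, "chrome-extension://constructed-id");
  std::cout << "[" << corsHeaders(strict, "https://other.example") << "]\n";
  return 0;
}
```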

     
