Made Origin header choosing logic more clear

CrowCpp · Jan 27, 2025 · 9d00070 · 9d00070
1 parent aca74a6
commit 9d00070
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/include/crow/middlewares/cors.h b/include/crow/middlewares/cors.h
@@ -127,16 +127,25 @@ namespace crow
             set_header_no_override("Access-Control-Allow-Headers", headers_, res);
             set_header_no_override("Access-Control-Expose-Headers", exposed_headers_, res);
             set_header_no_override("Access-Control-Max-Age", max_age_, res);
+
+            bool origin_set = false;
+
             if (req.method != HTTPMethod::Options)
             {
-                if (allow_credentials_) set_header_no_override("Access-Control-Allow-Credentials", "true", res);
-                if (allow_credentials_ && origin_ == "*")
-                    set_header_no_override("Access-Control-Allow-Origin", req.get_header_value("Origin"), res);
-                else
-                    set_header_no_override("Access-Control-Allow-Origin", origin_, res);
+                if (allow_credentials_)
+                {
+                    set_header_no_override("Access-Control-Allow-Credentials", "true", res);
+                    if (origin_ == "*")
+                    {
+                        set_header_no_override("Access-Control-Allow-Origin", req.get_header_value("Origin"), res);
+                        origin_set = true;
+                    }
+                }
             }
-            else
+
+            if( !origin_set){
                 set_header_no_override("Access-Control-Allow-Origin", origin_, res);
+            }
         }
 
         bool ignore_ = false;