HTTPUpdateServer Allow external POSTS (CORS) (#6824)

* HTTPUpdateServer Allow external POSTS (CORS) * Format Updates - POST HTTPUpdateServer Co-authored-by: Joseph Francis <joefran@us.ibm.com>
esp8266 · Jun 27, 2022 · 678a477 · 678a477
1 parent 9668f77
commit 678a477
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/libraries/ESP8266HTTPUpdateServer/src/ESP8266HTTPUpdateServer-impl.h b/libraries/ESP8266HTTPUpdateServer/src/ESP8266HTTPUpdateServer-impl.h
@@ -59,8 +59,24 @@ void ESP8266HTTPUpdateServerTemplate<ServerType>::setup(ESP8266WebServerTemplate
       _server->send_P(200, PSTR("text/html"), serverIndex);
     });
 
+    // handler for the /update form page - preflight options
+    _server->on(path.c_str(), HTTP_OPTIONS, [&](){
+	    _server->sendHeader("Access-Control-Allow-Headers", "*");
+	    _server->sendHeader("Access-Control-Allow-Origin", "*");
+	    _server->send(200, F("text/html"), String(F("y")));
+    },[&](){
+		_authenticated = (_username == emptyString || _password == emptyString || _server->authenticate(_username.c_str(), _password.c_str()));
+      if(!_authenticated){
+        if (_serial_output)
+          Serial.printf("Unauthenticated Update\n");
+        return;
+      }
+    });
+
     // handler for the /update form POST (once file upload finishes)
     _server->on(path.c_str(), HTTP_POST, [&](){
+	    _server->sendHeader("Access-Control-Allow-Headers", "*");
+	    _server->sendHeader("Access-Control-Allow-Origin", "*");
       if(!_authenticated)
         return _server->requestAuthentication();
       if (Update.hasError()) {