Allow range in CORS, add P256

2022-01-16 12:00:40 +01:00 · 2022-01-16 12:00:40 +01:00 · 59101110a4
parent 561f7f2c74
commit 59101110a4
1 changed files with 5 additions and 5 deletions
--- a/OrbitalBeat.go
+++ b/OrbitalBeat.go
@ -71,11 +71,10 @@ var sha256Statement *sql.Stmt
 var md5Statement *sql.Stmt
 var fdlimit int

-var messageCacheLimit int
-
 var objectCacheMutex sync.RWMutex
 var objectCache = make(map[cid.Cid]*ContentCacheEntry)

+var messageCacheLimit int
 var messageCacheMutex sync.RWMutex
 var messageCache = make(map[string]*ContentMessage)

@ -146,13 +145,13 @@ func isASCII(s string) bool {

 func setOtherHeaders(w http.ResponseWriter) {
 	w.Header().Set("Server", "OrbitalBeat")
-	w.Header().Set("Vary", "Content-Encoding") //Firefox caps this to 86400, Chrome to 7200. Default is 5 seconds (!!!)
+	w.Header().Set("Vary", "Content-Encoding")
 }
 func setCORSHeaders(w http.ResponseWriter) {
 	w.Header().Set("Access-Control-Allow-Credentials", "true")
 	w.Header().Set("Access-Control-Max-Age", "7200") //Firefox caps this to 86400, Chrome to 7200. Default is 5 seconds (!!!)
 	w.Header().Set("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS")
-	w.Header().Set("Access-Control-Allow-Headers", "DNT,Origin,Accept,Accept-Language")
+	w.Header().Set("Access-Control-Allow-Headers", "DNT,ETag,Origin,Accept,Accept-Language,X-Requested-With,Range")
 	w.Header().Set("Access-Control-Allow-Origin", "*")
 	w.Header().Set("Access-Control-Expose-Headers", "*")
 }
@ -279,6 +278,7 @@ func handle(w http.ResponseWriter, r *http.Request) {
 	}
 }

+//TODO: move this to a library
 type ContentMessage struct {
 	Version            uint64
 	PublicKey          ed25519.PublicKey
@ -603,8 +603,8 @@ func main() {
 			MaxVersion: 0, //max supported, currently TLS 1.3
 			CurvePreferences: []tls.CurveID{
 				tls.X25519,
+				tls.CurveP256,
 				tls.CurveP384,
-				//tls.CurveP256,
 			},
 			CipherSuites: []uint16{
 				tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,