From 76bf25646c2b5703ce182a75038d3326435a4b86 Mon Sep 17 00:00:00 2001
From: Vincent Bernardoff <vb@luminar.eu.org>
Date: Sun, 29 Apr 2018 01:00:00 +0200
Subject: [PATCH] Resto: fix CORS

CORS also requires to send the "Access-Control-Allow-Origin" header on
direct requests or requests following preflight requests.
---
 vendors/ocplib-resto/lib_resto-cohttp/cors.ml | 19 +++++++++++--------
 .../ocplib-resto/lib_resto-cohttp/cors.mli    |  3 +++
 .../ocplib-resto/lib_resto-cohttp/server.ml   |  2 ++
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/vendors/ocplib-resto/lib_resto-cohttp/cors.ml b/vendors/ocplib-resto/lib_resto-cohttp/cors.ml
index 0dfa7a3da..112d28774 100644
--- a/vendors/ocplib-resto/lib_resto-cohttp/cors.ml
+++ b/vendors/ocplib-resto/lib_resto-cohttp/cors.ml
@@ -36,15 +36,18 @@ let find_matching_origin allowed_origins origin =
   | [] -> None
   | x :: _ -> Some x
 
+let add_allow_origin headers cors origin_header =
+  match origin_header with
+  | None -> headers
+  | Some origin ->
+      match find_matching_origin cors.allowed_origins origin with
+      | None -> headers
+      | Some allowed_origin ->
+          Cohttp.Header.add headers
+            "Access-Control-Allow-Origin" allowed_origin
+
 let add_headers headers cors origin_header =
   let cors_headers =
     Cohttp.Header.add_multi headers
       "Access-Control-Allow-Headers" cors.allowed_headers in
-  match origin_header with
-  | None -> cors_headers
-  | Some origin ->
-      match find_matching_origin cors.allowed_origins origin with
-      | None -> cors_headers
-      | Some allowed_origin ->
-          Cohttp.Header.add_multi cors_headers
-            "Access-Control-Allow-Origin" [allowed_origin]
+  add_allow_origin cors_headers cors origin_header
diff --git a/vendors/ocplib-resto/lib_resto-cohttp/cors.mli b/vendors/ocplib-resto/lib_resto-cohttp/cors.mli
index c1c17da6b..688a3d87c 100644
--- a/vendors/ocplib-resto/lib_resto-cohttp/cors.mli
+++ b/vendors/ocplib-resto/lib_resto-cohttp/cors.mli
@@ -14,6 +14,9 @@ type t = {
 
 val default: t
 
+val add_allow_origin:
+  Cohttp.Header.t -> t -> string option -> Cohttp.Header.t
+
 val add_headers:
   Cohttp.Header.t -> t -> string option -> Cohttp.Header.t
 
diff --git a/vendors/ocplib-resto/lib_resto-cohttp/server.ml b/vendors/ocplib-resto/lib_resto-cohttp/server.ml
index 5c3ebd49c..74b4db501 100644
--- a/vendors/ocplib-resto/lib_resto-cohttp/server.ml
+++ b/vendors/ocplib-resto/lib_resto-cohttp/server.ml
@@ -131,6 +131,8 @@ module Make (Encoding : Resto.ENCODING)(Log : LOGGING) = struct
           let headers = Header.init () in
           let headers =
             Header.add headers "content-type" output_content_type in
+          let headers = Cors.add_allow_origin
+              headers server.cors (Header.get req_headers "origin") in
           begin
             match s.types.input with
             | Service.No_input ->