Update private network preflight (#357)

During initial testing, the original fix was working, but in subsequent testing, these additional headers were required to allow Chrome to redirect to the loopback server successfully.
okta · Mar 22, 2024 · 4313799 · 4313799
1 parent 0e83a81
commit 4313799
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/Sources/AppAuth/macOS/OKTRedirectHTTPHandler.m b/Sources/AppAuth/macOS/OKTRedirectHTTPHandler.m
@@ -141,6 +141,13 @@ - (void)HTTPConnection:(HTTPConnection *)conn didReceiveRequest:(HTTPServerReque
                                                             200,
                                                             NULL,
                                                             kCFHTTPVersion1_1);
+    CFStringRef origin = CFHTTPMessageCopyHeaderFieldValue(mess.request, (__bridge CFStringRef)@"Origin");
+    CFHTTPMessageSetHeaderFieldValue(response,
+                                     (__bridge CFStringRef)@"Access-Control-Allow-Origin",
+                                     origin);
+    CFHTTPMessageSetHeaderFieldValue(response,
+                                     (__bridge CFStringRef)@"Access-Control-Allow-Credentials",
+                                     (__bridge CFStringRef)@"true");
     CFHTTPMessageSetHeaderFieldValue(response,
                                      (__bridge CFStringRef)@"Access-Control-Allow-Private-Network",
                                      (__bridge CFStringRef)@"true");
@@ -149,7 +156,7 @@ - (void)HTTPConnection:(HTTPConnection *)conn didReceiveRequest:(HTTPServerReque
                                      (__bridge CFStringRef)@"0");
     [mess setResponse:response];
     CFRelease(response);
-      return;
+    return;
   }
 
   // Sends URL to AppAuth.