From fe1f80f6dae782c5e362a9f0ddd4d5e58584c661 Mon Sep 17 00:00:00 2001
From: Mike Taylor <mike@indexdata.com>
Date: Thu, 27 Jun 2013 13:02:13 +0200
Subject: [PATCH] Invoke new mod_perl output-filter SetACAO instead of
 configuring the Access-Control-Allow-Origin header directly
 in the Apache2 configuration file. This allows us to emit
 the name of the origin right back at it, which makes it
 possible to send credentials.

---
 etc/apache2/spclient-live |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/etc/apache2/spclient-live b/etc/apache2/spclient-live
index 57c62a7..6bbd3d1 100644
--- a/etc/apache2/spclient-live
+++ b/etc/apache2/spclient-live
@@ -25,7 +25,9 @@
     RewriteLog /var/log/apache2/mkws-rewrite.log 
     RewriteRule /service-proxy-auth /service-proxy/?command=auth&action=login&username=demo&password=demo [P] # [NE,P]
 
-    Header set Access-Control-Allow-Origin "http://somesite.indexdata.com"
+# We want *, but can't use credentials unless we specify a particular origin
+# Instead, we generate the header using mod_perl: see below.
+#    Header set Access-Control-Allow-Origin "http://somesite.indexdata.com"
 #    Header set Access-Control-Allow-Origin "*"
     Header set Access-Control-Allow-Credentials true
 
@@ -43,4 +45,10 @@
     #        PerlInputFilterHandler MyApache2::CopyCookie
     #        PerlOutputFilterHandler MyApache2::CopyCookie
     #    </Location>
+
+    PerlOptions +Parent
+    PerlSwitches -I/home/indexdata/mkws/etc/mod_perl
+    <Location /service-proxy/>
+        PerlOutputFilterHandler MyApache2::SetACAO
+    </Location>
 </VirtualHost>
-- 
1.7.10.4