slaprunner: Now support CORS (works with dav)

software/slaprunner/common.cfg

@@ -103,7 +103,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/httpd_conf.in
 download-only = true
-md5sum = 444399390eb19c7e23dd06593c067b4d
+md5sum = ffbf52ee43e64f58e7a3f64745fd9aab
 filename = httpd_conf.in
 mode = 0644
 

software/slaprunner/httpd_conf.in

@@ -27,6 +27,7 @@ LoadModule dav_module modules/mod_dav.so
 LoadModule dav_fs_module modules/mod_dav_fs.so
 LoadModule cache_module modules/mod_cache.so
 LoadModule file_cache_module modules/mod_file_cache.so
+LoadModule setenvif_module modules/mod_setenvif.so
 
 ErrorLog "{{ parameters.path_error_log }}"
 LogFormat "%h %l %u %t \"%r\" %>s %b" common
@@ -45,6 +46,12 @@ SSLHonorCipherOrder On
 SSLCipherSuite RC4-SHA:HIGH:!ADH
 SSLEngine   On
 
+SetEnvIf Origin "http(s)?://(www\.)?(.*)$" AccessControlAllowOrigin=$0$1
+Header always set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
+Header set Access-Control-Allow-Credentials "true"
+Header set Access-Control-Allow-Methods "PROPFIND, PROPPATCH, COPY, MOVE, DELETE, MKCOL, LOCK, UNLOCK, PUT, GETLIB, VERSION-CONTROL, CHECKIN, CHECKOUT, UNCHECKOUT, REPORT, UPDATE, CANCELUPLOAD, HEAD, OPTIONS, GET, POST"
+Header set Access-Control-Allow-Headers "Overwrite, Destination, Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Authorization"
+
 Alias /public {{ parameters.runner_home }}/public
 <Directory {{ parameters.runner_home }}/public>
     Order Allow,Deny
@@ -69,7 +76,9 @@ Alias /share {{ parameters.runner_home }}
     AuthType Basic
     AuthName "webdav"
     AuthUserFile "{{ parameters.etc_dir }}/.htpasswd"
+    <LimitExcept OPTIONS>
         Require valid-user
+    </LimitExcept>
 </Directory>
 
 ScriptSock {{ parameters.path_pid }}