From 2dabaa3d20d76df8b52dc4b307987fef9fc17a38 Mon Sep 17 00:00:00 2001
From: Theo Arends <11044339+arendst@users.noreply.github.com>
Date: Mon, 28 Oct 2019 13:36:04 +0100
Subject: [PATCH] Add command SetOption73 0/1 to re-enable CORS

Add command SetOption73 0/1 to re-enable HTTP Cross-Origin Resource Sharing (CORS) now default disabled (#6767)
---
 tasmota/_changelog.ino        |  1 +
 tasmota/settings.h            |  6 +++---
 tasmota/xdrv_01_webserver.ino | 13 +++++++++----
 tools/decode-status.py        |  5 +++--
 4 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/tasmota/_changelog.ino b/tasmota/_changelog.ino
index ed3f1607f..dce497fdf 100644
--- a/tasmota/_changelog.ino
+++ b/tasmota/_changelog.ino
@@ -2,6 +2,7 @@
  * 7.0.0.1 20191027
  * Remove references to versions before 6.x
  * Change default GUI to dark theme
+ * Add command SetOption73 0/1 to re-enable HTTP Cross-Origin Resource Sharing (CORS) now default disabled (#6767)
  *
  * 6.7.1.1 20191026
  * Change ArduinoSlave to TasmotaSlave (Experimental)
diff --git a/tasmota/settings.h b/tasmota/settings.h
index 02674b6bc..96bd2e6df 100644
--- a/tasmota/settings.h
+++ b/tasmota/settings.h
@@ -79,14 +79,14 @@ typedef union {                            // Restricted by MISRA-C Rule 18.4 bu
     uint32_t no_power_feedback : 1;        // bit 13 (v6.5.0.9)  - SetOption63 - Don't scan relay power state at restart
     uint32_t use_underscore : 1;           // bit 14 (v6.5.0.12) - SetOption64 - Enable "_" instead of "-" as sensor index separator
     uint32_t fast_power_cycle_disable : 1; // bit 15 (v6.6.0.20) - SetOption65 - Disable fast power cycle detection for device reset
-    uint32_t tuya_serial_mqtt_publish : 1;    // bit 16 (v6.6.0.21)  - SetOption66 - Enable or Disable TuyaMcuReceived messages over Mqtt
+    uint32_t tuya_serial_mqtt_publish : 1; // bit 16 (v6.6.0.21) - SetOption66 - Enable TuyaMcuReceived messages over Mqtt
     uint32_t buzzer_enable : 1;            // bit 17 (v6.6.0.1)  - SetOption67 - Enable buzzer when available
     uint32_t pwm_multi_channels : 1;       // bit 18 (v6.6.0.3)  - SetOption68 - Enable multi-channels PWM instead of Color PWM
-    uint32_t ex_tuya_dimmer_min_limit : 1;    // bit 19 (v6.6.0.5)  - SetOption69 - Limits Tuya dimmers to minimum of 10% (25) when enabled.
+    uint32_t ex_tuya_dimmer_min_limit : 1; // bit 19 (v6.6.0.5)  - SetOption69 - Limits Tuya dimmers to minimum of 10% (25) when enabled.
     uint32_t energy_weekend : 1;           // bit 20 (v6.6.0.8)  - CMND_TARIFF
     uint32_t dds2382_model : 1;            // bit 21 (v6.6.0.14) - SetOption71 - Select different Modbus registers for Active Energy (#6531)
     uint32_t hardware_energy_total : 1;    // bit 22 (v6.6.0.15) - SetOption72 - Enable / Disable hardware energy total counter as reference (#6561)
-    uint32_t spare23 : 1;
+    uint32_t cors_enabled : 1;             // bit 23 (v7.0.0.1)  - SetOption73 - Enable HTTP CORS
     uint32_t spare24 : 1;
     uint32_t spare25 : 1;
     uint32_t spare26 : 1;
diff --git a/tasmota/xdrv_01_webserver.ino b/tasmota/xdrv_01_webserver.ino
index cab654c91..648dca783 100644
--- a/tasmota/xdrv_01_webserver.ino
+++ b/tasmota/xdrv_01_webserver.ino
@@ -667,14 +667,19 @@ bool HttpCheckPriviledgedAccess(bool autorequestauth = true)
   return true;
 }
 
+void HttpHeaderCors(void)
+{
+  if (Settings.flag3.cors_enabled) {
+    WebServer->sendHeader(F("Access-Control-Allow-Origin"), F("*"));
+  }
+}
+
 void WSHeaderSend(void)
 {
   WebServer->sendHeader(F("Cache-Control"), F("no-cache, no-store, must-revalidate"));
   WebServer->sendHeader(F("Pragma"), F("no-cache"));
   WebServer->sendHeader(F("Expires"), F("-1"));
-#ifndef ARDUINO_ESP8266_RELEASE_2_3_0
-  WebServer->sendHeader(F("Access-Control-Allow-Origin"), F("*"));
-#endif
+  HttpHeaderCors();
 }
 
 /**********************************************************************************************
@@ -2273,7 +2278,7 @@ void HandleUploadLoop(void)
 
 void HandlePreflightRequest(void)
 {
-  WebServer->sendHeader(F("Access-Control-Allow-Origin"), F("*"));
+  HttpHeaderCors();
   WebServer->sendHeader(F("Access-Control-Allow-Methods"), F("GET, POST"));
   WebServer->sendHeader(F("Access-Control-Allow-Headers"), F("authorization"));
   WSSend(200, CT_HTML, "");
diff --git a/tools/decode-status.py b/tools/decode-status.py
index fcf65c7db..f360de701 100755
--- a/tools/decode-status.py
+++ b/tools/decode-status.py
@@ -119,13 +119,14 @@ a_setoption = [[
     "Do not scan relay power state at restart",
     "Use _ instead of - as sensor index separator",
     "Disable fast power cycle detection for device reset",
-    "(not used) Disable Dimmer range 255 slider control",
+    "Enable TuyaMcuReceived messages over Mqtt",
     "Enable buzzer when available",
     "Enable multi-channels PWM instead of Color PWM",
     "(not used) Limits Tuya MCU dimmers to minimum of 10% (25) when enabled",
     "Enable Weekend Energy Tariff",
     "Select different Modbus registers for Active Energy",
-    "","",
+    "Enable HTTP CORS",
+    "",
     "","","","",
     "","",
     "Enable shutter support",