Add command SetOption73 0/1 to re-enable CORS

Add command SetOption73 0/1 to re-enable HTTP Cross-Origin Resource Sharing (CORS) now default disabled (#6767)

tasmota/_changelog.ino

@@ -2,6 +2,7 @@
  * 7.0.0.1 20191027
  * Remove references to versions before 6.x
  * Change default GUI to dark theme
+ * Add command SetOption73 0/1 to re-enable HTTP Cross-Origin Resource Sharing (CORS) now default disabled (#6767)
  *
  * 6.7.1.1 20191026
  * Change ArduinoSlave to TasmotaSlave (Experimental)

tasmota/settings.h

@@ -79,14 +79,14 @@ typedef union {                            // Restricted by MISRA-C Rule 18.4 bu
     uint32_t no_power_feedback : 1;        // bit 13 (v6.5.0.9)  - SetOption63 - Don't scan relay power state at restart
     uint32_t use_underscore : 1;           // bit 14 (v6.5.0.12) - SetOption64 - Enable "_" instead of "-" as sensor index separator
     uint32_t fast_power_cycle_disable : 1; // bit 15 (v6.6.0.20) - SetOption65 - Disable fast power cycle detection for device reset
-    uint32_t tuya_serial_mqtt_publish : 1;    // bit 16 (v6.6.0.21)  - SetOption66 - Enable or Disable TuyaMcuReceived messages over Mqtt
+    uint32_t tuya_serial_mqtt_publish : 1; // bit 16 (v6.6.0.21) - SetOption66 - Enable TuyaMcuReceived messages over Mqtt
     uint32_t buzzer_enable : 1;            // bit 17 (v6.6.0.1)  - SetOption67 - Enable buzzer when available
     uint32_t pwm_multi_channels : 1;       // bit 18 (v6.6.0.3)  - SetOption68 - Enable multi-channels PWM instead of Color PWM
     uint32_t ex_tuya_dimmer_min_limit : 1; // bit 19 (v6.6.0.5)  - SetOption69 - Limits Tuya dimmers to minimum of 10% (25) when enabled.
     uint32_t energy_weekend : 1;           // bit 20 (v6.6.0.8)  - CMND_TARIFF
     uint32_t dds2382_model : 1;            // bit 21 (v6.6.0.14) - SetOption71 - Select different Modbus registers for Active Energy (#6531)
     uint32_t hardware_energy_total : 1;    // bit 22 (v6.6.0.15) - SetOption72 - Enable / Disable hardware energy total counter as reference (#6561)
-    uint32_t spare23 : 1;
+    uint32_t cors_enabled : 1;             // bit 23 (v7.0.0.1)  - SetOption73 - Enable HTTP CORS
     uint32_t spare24 : 1;
     uint32_t spare25 : 1;
     uint32_t spare26 : 1;

tasmota/xdrv_01_webserver.ino

@@ -667,14 +667,19 @@ bool HttpCheckPriviledgedAccess(bool autorequestauth = true)
   return true;
 }
 
+void HttpHeaderCors(void)
+{
+  if (Settings.flag3.cors_enabled) {
+    WebServer->sendHeader(F("Access-Control-Allow-Origin"), F("*"));
+  }
+}
+
 void WSHeaderSend(void)
 {
   WebServer->sendHeader(F("Cache-Control"), F("no-cache, no-store, must-revalidate"));
   WebServer->sendHeader(F("Pragma"), F("no-cache"));
   WebServer->sendHeader(F("Expires"), F("-1"));
-#ifndef ARDUINO_ESP8266_RELEASE_2_3_0
+  HttpHeaderCors();
-  WebServer->sendHeader(F("Access-Control-Allow-Origin"), F("*"));
-#endif
 }
 
 /**********************************************************************************************
@@ -2273,7 +2278,7 @@ void HandleUploadLoop(void)
 
 void HandlePreflightRequest(void)
 {
-  WebServer->sendHeader(F("Access-Control-Allow-Origin"), F("*"));
+  HttpHeaderCors();
   WebServer->sendHeader(F("Access-Control-Allow-Methods"), F("GET, POST"));
   WebServer->sendHeader(F("Access-Control-Allow-Headers"), F("authorization"));
   WSSend(200, CT_HTML, "");

tools/decode-status.py

@@ -119,13 +119,14 @@ a_setoption = [[
     "Do not scan relay power state at restart",
     "Use _ instead of - as sensor index separator",
     "Disable fast power cycle detection for device reset",
-    "(not used) Disable Dimmer range 255 slider control",
+    "Enable TuyaMcuReceived messages over Mqtt",
     "Enable buzzer when available",
     "Enable multi-channels PWM instead of Color PWM",
     "(not used) Limits Tuya MCU dimmers to minimum of 10% (25) when enabled",
     "Enable Weekend Energy Tariff",
     "Select different Modbus registers for Active Energy",
-    "","",
+    "Enable HTTP CORS",
+    "",
     "","","","",
     "","",
     "Enable shutter support",