ProductOpener::HTTP - utility functions around http (handling headers, cookies, redirect, etc.)
ProductOpener::Web consists of functions used only in OpenFoodFacts website for different tasks.
The module implements http utilities to use in different part of the code.
FIXME: a lot of functions in Display.pm should be moved here.
We handle CORS headers from Perl code, NGINX should not interfere. So this is the central place for it.
Some parts needs to be more strict than others (eg. auth).
Whether we should add the Access-Control-Allow-Credential header, should be used with caution. We will effectively put the headers only if subdomains matches.
We need to send the header Access-Control-Allow-Credentials=true so that websites such has hunger.openfoodfacts.org that send a query to world.openfoodfacts.org/cgi/auth.pl can read the resulting response.
If true tells to restrict Access to main domain, that is domain.tld (eg. openfoodfacts.org) It defaults to False, but as a precaution, setting $allow_credentials to True turns it to True, if allow-credentials is given.
Reference to a Hashmap with headers.
This function write cors_headers in response.
see get_cors_headers to see how they are computed and parameters
This function sets a header in the response.
This function writes the headers in the response.