From f5461a6a078e127c7bf45b331bf64771945125ae Mon Sep 17 00:00:00 2001 From: Tim L Date: Thu, 16 Nov 2017 12:33:31 -0500 Subject: RPC: CORS add Access-Control-Allow-Headers to OPTIONS preflight --- contrib/epee/include/net/http_protocol_handler.inl | 3 +++ 1 file changed, 3 insertions(+) (limited to 'contrib') diff --git a/contrib/epee/include/net/http_protocol_handler.inl b/contrib/epee/include/net/http_protocol_handler.inl index c3350bf73..c555707ac 100644 --- a/contrib/epee/include/net/http_protocol_handler.inl +++ b/contrib/epee/include/net/http_protocol_handler.inl @@ -639,6 +639,9 @@ namespace net_utils buf += "Access-Control-Allow-Origin: "; buf += m_query_info.m_header_info.m_origin; buf += "\r\n"; + buf += "Access-Control-Expose-Headers: www-authenticate\r\n"; + if (m_query_info.m_http_method == http::http_method_options) + buf += "Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With\r\n"; buf += "Access-Control-Allow-Methods: POST, PUT, GET, OPTIONS\r\n"; } } -- cgit v1.2.3