Deactivate CORS related headers

This commit is contained in:
Michael 2021-06-09 07:42:23 +00:00
parent 58a513cb30
commit c9b66d6e28

View file

@ -267,11 +267,13 @@ class Module
if ($server['REQUEST_METHOD'] === Router::OPTIONS) { if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
header('HTTP/1.1 204 No Content'); header('HTTP/1.1 204 No Content');
header('access-control-allow-credentials: true'); header('Allow: ' . implode(',', Router::ALLOWED_METHODS));
header('access-control-allow-headers: Authorization,Content-Type'); // Deactivated until we know about possible side effects
header('access-control-allow-methods: ' . implode(',', Router::ALLOWED_METHODS)); // header('Access-Control-Allow-Credentials: true');
header('access-control-allow-origin: *'); // header('Access-Control-Allow-Headers: Authorization,Content-Type');
header('access-control-max-age: 86400'); // header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS));
// header('Access-Control-Allow-Origin: ' . DI::baseUrl());
// header('Access-Control-Max-Age: 86400');
exit(); exit();
} }