Allow cross-site ajax with CORS.

Only allows un-credentialed (as in, no cookies or basic auth), no custom headers, and get (no post, put, delete, etc) requests.

diff --git a/lib/apiaction.php b/lib/apiaction.php
index 5245c7ef609e619de240b09d7dacf78a5e9bab5e..d5580abd3a28945c72b35a798cf86215f4b96b13 100644 (file)
--- a/lib/apiaction.php
+++ b/lib/apiaction.php
@@ -102,6 +102,7 @@ class ApiAction extends Action
 
     function handle($args)
     {
+        header('Access-Control-Allow-Origin: *');
         parent::handle($args);
     }