Deactivate CORS related headers

author Michael <heluecht@pirati.ca>

Wed, 9 Jun 2021 07:42:23 +0000 (07:42 +0000)

committer Michael <heluecht@pirati.ca>

Wed, 9 Jun 2021 07:42:23 +0000 (07:42 +0000)
author Michael <heluecht@pirati.ca>
Wed, 9 Jun 2021 07:42:23 +0000 (07:42 +0000)
committer Michael <heluecht@pirati.ca>
Wed, 9 Jun 2021 07:42:23 +0000 (07:42 +0000)
diff --git a/src/App/Module.php b/src/App/Module.php

index 8cc4dd7109cafb5aa3e37ba6372f3a8305479a05..4c61b44559d54a1d1fd278e85ed7bef3c422a677 100644 (file)
--- a/src/App/Module.php
+++ b/src/App/Module.php
@@ -267,11 +267,13 @@ class Module
  
                 if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
                         header('HTTP/1.1 204 No Content');
-                       header('access-control-allow-credentials: true');
-                       header('access-control-allow-headers: Authorization,Content-Type');
-                       header('access-control-allow-methods: ' . implode(',', Router::ALLOWED_METHODS));
-                       header('access-control-allow-origin: *');
-                       header('access-control-max-age: 86400');
+                       header('Allow: ' . implode(',', Router::ALLOWED_METHODS));
+                       // Deactivated until we know about possible side effects
+                       // header('Access-Control-Allow-Credentials: true');
+                       // header('Access-Control-Allow-Headers: Authorization,Content-Type');
+                       // header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS));
+                       // header('Access-Control-Allow-Origin: ' . DI::baseUrl());
+                       // header('Access-Control-Max-Age: 86400');
                         exit();
                 }
author	Michael <heluecht@pirati.ca>
	Wed, 9 Jun 2021 07:42:23 +0000 (07:42 +0000)
committer	Michael <heluecht@pirati.ca>
	Wed, 9 Jun 2021 07:42:23 +0000 (07:42 +0000)