From: Craig Andrews <candrews@integralblue.com>
Date: Thu, 15 Apr 2010 16:52:59 +0000 (-0400)
Subject: Allow cross-site ajax with CORS.
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=1081b06bbe10ee5457bd5c53df4561f512c78ded;p=quix0rs-gnu-social.git

Allow cross-site ajax with CORS.

Only allows un-credentialed (as in, no cookies or basic auth), no custom headers, and get (no post, put, delete, etc) requests.
---

diff --git a/lib/apiaction.php b/lib/apiaction.php
index 5245c7ef60..d5580abd3a 100644
--- a/lib/apiaction.php
+++ b/lib/apiaction.php
@@ -102,6 +102,7 @@ class ApiAction extends Action
 
     function handle($args)
     {
+        header('Access-Control-Allow-Origin: *');
         parent::handle($args);
     }