// xml-rpc requests (generated via javascript) to this server.
// Doing so has serious security implications, so we lock it by default to only be enabled on the well-known demo server.
// If enabling it on your server, you most likely want to set up an allowed domains whitelist, rather than using'*'
-if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' && $_SERVER['SERVER_ADMIN'] == 'info@altervista.org') {
+if ($_SERVER['SERVER_ADMIN'] == 'info@altervista.org') {
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: POST");
+ header("Access-Control-Allow-Headers: Accept, Accept-Charset, Accept-Encoding, Content-Type, User-Agent");
header("Access-Control-Expose-Headers: Content-Encoding");
- die();
+ if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+ die();
+ }
}
require_once __DIR__ . "/_prepend.php";
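Review bot: The outer condition now reads `$_SERVER['SERVER_ADMIN']` on every request instead of only on OPTIONS, so on a server or SAPI that does not define that key PHP raises an undefined-index notice (a warning on PHP 8) ahead of the XML-RPC response. Guard the read and compare strictly, e.g. `if (isset($_SERVER['SERVER_ADMIN']) && $_SERVER['SERVER_ADMIN'] === 'info@altervista.org') {`. Because `Access-Control-Allow-Origin: *` is now attached to the actual POST responses as well, this single string comparison is all that keeps cross-origin reads disabled on other deployments; a comment above the `if` should say so, e.g. `// CORS for the demo server only: responses become readable by scripts from any origin`. `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` are only consulted on the preflight response, so they could move into the inner OPTIONS branch. The file continues after `require_once` outside the hunk.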