From: gggeek <giunta.gaetano@gmail.com>
Date: Mon, 23 Jan 2023 18:15:16 +0000 (+0000)
Subject: fix setting CORS headers in demo server
X-Git-Tag: 4.10.0~92
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=2cae291bebcfb5ef19c64d4bfbe00c19e1ea8265;p=plcapi.git

fix setting CORS headers in demo server
---

diff --git a/demo/server/server.php b/demo/server/server.php
index fb3827ba..7ff956bd 100644
--- a/demo/server/server.php
+++ b/demo/server/server.php
@@ -14,11 +14,14 @@
 // xml-rpc requests (generated via javascript) to this server.
 // Doing so has serious security implications, so we lock it by default to only be enabled on the well-known demo server.
 // If enabling it on your server, you most likely want to set up an allowed domains whitelist, rather than using'*'
-if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' && $_SERVER['SERVER_ADMIN'] == 'info@altervista.org') {
+if ($_SERVER['SERVER_ADMIN'] == 'info@altervista.org') {
     header("Access-Control-Allow-Origin: *");
     header("Access-Control-Allow-Methods: POST");
+    header("Access-Control-Allow-Headers: Accept, Accept-Charset, Accept-Encoding, Content-Type, User-Agent");
     header("Access-Control-Expose-Headers: Content-Encoding");
-    die();
+    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+        die();
+    }
 }
 
 require_once __DIR__ . "/_prepend.php";