From 2cae291bebcfb5ef19c64d4bfbe00c19e1ea8265 Mon Sep 17 00:00:00 2001
From: gggeek <giunta.gaetano@gmail.com>
Date: Mon, 23 Jan 2023 18:15:16 +0000
Subject: [PATCH] fix setting CORS headers in demo server

---
 demo/server/server.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/demo/server/server.php b/demo/server/server.php
index fb3827ba..7ff956bd 100644
--- a/demo/server/server.php
+++ b/demo/server/server.php
@@ -14,11 +14,14 @@
 // xml-rpc requests (generated via javascript) to this server.
 // Doing so has serious security implications, so we lock it by default to only be enabled on the well-known demo server.
 // If enabling it on your server, you most likely want to set up an allowed domains whitelist, rather than using'*'
-if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' && $_SERVER['SERVER_ADMIN'] == 'info@altervista.org') {
+if ($_SERVER['SERVER_ADMIN'] == 'info@altervista.org') {
     header("Access-Control-Allow-Origin: *");
     header("Access-Control-Allow-Methods: POST");
+    header("Access-Control-Allow-Headers: Accept, Accept-Charset, Accept-Encoding, Content-Type, User-Agent");
     header("Access-Control-Expose-Headers: Content-Encoding");
-    die();
+    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
+        die();
+    }
 }
 
 require_once __DIR__ . "/_prepend.php";
-- 
2.47.0