Commit 815f47ed authored by Łukasz Nowak's avatar Łukasz Nowak

Fix transition of allowed headers.

Client is sending Access-Control-Request-Headers, server shall respond with
Access-Control-Allow-Headers.
parent db5df828
...@@ -134,10 +134,10 @@ def responseSupport(anonymous=False): ...@@ -134,10 +134,10 @@ def responseSupport(anonymous=False):
def outer(fn): def outer(fn):
def wrapperResponseSupport(self, *args, **kwargs): def wrapperResponseSupport(self, *args, **kwargs):
self.REQUEST.response.setHeader('Content-Type', 'application/json') self.REQUEST.response.setHeader('Content-Type', 'application/json')
allow_headers = self.REQUEST.getHeader('Access-Control-Allow-Headers') request_headers = self.REQUEST.getHeader('Access-Control-Request-Headers')
if allow_headers: if request_headers:
self.REQUEST.response.setHeader('Access-Control-Allow-Headers', self.REQUEST.response.setHeader('Access-Control-Allow-Headers',
allow_headers) request_headers)
self.REQUEST.response.setHeader('Access-Control-Allow-Origin', '*') self.REQUEST.response.setHeader('Access-Control-Allow-Origin', '*')
self.REQUEST.response.setHeader('Access-Control-Allow-Methods', 'DELETE, PUT, POST, ' self.REQUEST.response.setHeader('Access-Control-Allow-Methods', 'DELETE, PUT, POST, '
'GET, OPTIONS') 'GET, OPTIONS')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment