Closed michele closed 6 years ago
Even though the standard allows us to use * in Access-Control-Allow-Headers, most clients seem not to support this.
*
Access-Control-Allow-Headers
The way to actually allow any header, is to set Access-Control-Allow-Headers to match Access-Control-Request-Headers and this PR reflects this.
Access-Control-Request-Headers
Hope it's worthy of a merge.
Even though the standard allows us to use
*inAccess-Control-Allow-Headers, most clients seem not to support this.The way to actually allow any header, is to set
Access-Control-Allow-Headersto matchAccess-Control-Request-Headersand this PR reflects this.Hope it's worthy of a merge.