danielmarschall / oidplus

OIDplus 2.0 - An OpenSource online Registration Authority for OIDs and other Object Types
https://www.oidplus.com
Apache License 2.0

CORS Header issue: Duplicate Access-Control headers in webwhois.php ? #21

Open wehowski opened 10 months ago

wehowski commented 10 months ago

I request webwhois.php from outside via JavaScript and get the error: "Duplicate Allow-Access-Origin Header"

If I uncomment originHeaders(); it works.

Maybe I have my own dirty plugin duplicating the header?

Btw/OT.: As in the guzzle issue: There are also PSR standards for HTTP-Response/Header handling and emitting. (#9)

danielmarschall commented 10 months ago

Searching the whole code for ACCESS-CONTROL, I can find two instances:

  1. OIDplusPagePublicObjects::restApiCall_OPTIONS()
  2. originHeaders(), located in functions.inc.php

Editing functions.inc.php and adding "TEST" to the output of originHeaders() shows that a normal call to webwhois.php only calls originHeaders() once. Maybe you can do the same, to verify that originHeaders() is only called once. If it is only called once, please search your code base for the header name, e.g. grep -ir 'ACCESS-CONTROL'

Also, are you sending JWT credentials using GET/POST, or anything special?

Additional note, I should carefully look at restApiCall_OPTIONS and think about if it can/should be replaced by originHeaders(). There seems to be a bug, see #22.
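
A client-side way to confirm which CORS headers actually arrive more than once, as an added example that is not part of this thread or of OIDplus: the Python below parses a raw response head (for instance the output of `curl -i`) and reports single-valued Access-Control headers that carry more than one value, whether they come from PHP, a plugin or the web server configuration. The sample response and the origin `https://client.example` are constructed.

```python
# Added example: constructed data, not OIDplus code.
from collections import defaultdict

# CORS response headers for which browsers accept exactly one value.
# Access-Control-Allow-Methods/-Headers are list-valued and may repeat.
SINGLE_VALUED = {
    "access-control-allow-origin",
    "access-control-allow-credentials",
    "access-control-max-age",
}

def parse_header_lines(raw):
    """Return (name, value) pairs from a raw HTTP response head, keeping repeats."""
    pairs = []
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:              # skip the status line
        if not line.strip():
            break                       # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def find_cors_conflicts(raw):
    """Map each single-valued CORS header to its values when it carries several."""
    seen = defaultdict(list)
    for name, value in parse_header_lines(raw):
        if name in SINGLE_VALUED:
            # A proxy or HTTP library may already have merged repeated
            # lines into one comma-joined value; count those parts too.
            seen[name].extend(v.strip() for v in value.split(","))
    return {name: values for name, values in seen.items() if len(values) > 1}

# Constructed response: the origin header is emitted by two code paths.
SAMPLE_DUPLICATE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Access-Control-Allow-Methods: GET\r\n"
    "Access-Control-Allow-Methods: OPTIONS\r\n"
    "Access-Control-Allow-Origin: https://client.example\r\n"
    "\r\n"
    "{}"
)

if __name__ == "__main__":
    for header, values in find_cors_conflicts(SAMPLE_DUPLICATE).items():
        print(f"{header} sent {len(values)} times: {values}")
```
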