mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-30 10:58:31 -05:00
Enable CORS requests to pass necessary headers.
To fully enable session deletion over CORS we need support for passing the `X-Requested-With` header so that these requests can pass the `check-xhr` filter. I also allowed the `X-CSRF-Token` to enable the alternative CSRF passing syntax.
This commit is contained in:
parent
635b31af7b
commit
60aa52b753
1 changed files with 2 additions and 1 deletions
|
@ -29,7 +29,8 @@ if GlobalSetting.enable_cors
|
|||
end
|
||||
|
||||
headers['Access-Control-Allow-Origin'] = origin || cors_origins[0]
|
||||
headers['Access-Control-Allow-Credentials'] = "true"
|
||||
headers['Access-Control-Allow-Headers'] = 'X-Requested-With, X-CSRF-Token'
|
||||
headers['Access-Control-Allow-Credentials'] = 'true'
|
||||
end
|
||||
|
||||
headers
|
||||
|
|
Loading…
Reference in a new issue