Correctly set Access-Control-Allow-Headers

2025-03-13 11:35:51 +01:00 · 2019-02-02 15:51:38 +09:00 · 2019-02-02 15:51:38 +09:00 · 3725a5b644
commit 3725a5b644
parent c84c0ac64d
1 changed files with 4 additions and 2 deletions
--- a/BTCPayServer/Hosting/BTCpayMiddleware.cs
+++ b/BTCPayServer/Hosting/BTCpayMiddleware.cs
@ -42,8 +42,10 @@ namespace BTCPayServer.Hosting
                {
                    httpContext.Response.StatusCode = 200;
                    httpContext.Response.SetHeader("Access-Control-Allow-Origin", "*");
-                    httpContext.Response.SetHeader("Access-Control-Allow-Headers", "*");
-                    httpContext.Response.SetHeader("Access-Control-Allow-Methods", "*");
+                    if (httpContext.Request.Headers.ContainsKey("Access-Control-Request-Headers"))
+                    {
+                        httpContext.Response.SetHeader("Access-Control-Allow-Headers", httpContext.Request.Headers["Access-Control-Request-Headers"].FirstOrDefault());
+                    }
                    return; // We bypass MVC completely
                }
                httpContext.SetIsBitpayAPI(isBitpayAPI);