diff --git a/BTCPayServer/Hosting/BTCpayMiddleware.cs b/BTCPayServer/Hosting/BTCpayMiddleware.cs index 063809a7a..9ff1c3332 100644 --- a/BTCPayServer/Hosting/BTCpayMiddleware.cs +++ b/BTCPayServer/Hosting/BTCpayMiddleware.cs @@ -42,8 +42,10 @@ namespace BTCPayServer.Hosting { httpContext.Response.StatusCode = 200; httpContext.Response.SetHeader("Access-Control-Allow-Origin", "*"); - httpContext.Response.SetHeader("Access-Control-Allow-Headers", "*"); - httpContext.Response.SetHeader("Access-Control-Allow-Methods", "*"); + if (httpContext.Request.Headers.ContainsKey("Access-Control-Request-Headers")) + { + httpContext.Response.SetHeader("Access-Control-Allow-Headers", httpContext.Request.Headers["Access-Control-Request-Headers"].FirstOrDefault()); + } return; // We bypass MVC completely } httpContext.SetIsBitpayAPI(isBitpayAPI);