From 3725a5b64457c2bd8e87c8bd447b28f06291c33e Mon Sep 17 00:00:00 2001
From: "nicolas.dorier" <nicolas.dorier@gmail.com>
Date: Sat, 2 Feb 2019 15:51:38 +0900
Subject: [PATCH] Correctly set Access-Control-Allow-Headers

---
 BTCPayServer/Hosting/BTCpayMiddleware.cs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/BTCPayServer/Hosting/BTCpayMiddleware.cs b/BTCPayServer/Hosting/BTCpayMiddleware.cs
index 063809a7a..9ff1c3332 100644
--- a/BTCPayServer/Hosting/BTCpayMiddleware.cs
+++ b/BTCPayServer/Hosting/BTCpayMiddleware.cs
@@ -42,8 +42,10 @@ namespace BTCPayServer.Hosting
                 {
                     httpContext.Response.StatusCode = 200;
                     httpContext.Response.SetHeader("Access-Control-Allow-Origin", "*");
-                    httpContext.Response.SetHeader("Access-Control-Allow-Headers", "*");
-                    httpContext.Response.SetHeader("Access-Control-Allow-Methods", "*");
+                    if (httpContext.Request.Headers.ContainsKey("Access-Control-Request-Headers"))
+                    {
+                        httpContext.Response.SetHeader("Access-Control-Allow-Headers", httpContext.Request.Headers["Access-Control-Request-Headers"].FirstOrDefault());
+                    }
                     return; // We bypass MVC completely
                 }
                 httpContext.SetIsBitpayAPI(isBitpayAPI);