From 3725a5b64457c2bd8e87c8bd447b28f06291c33e Mon Sep 17 00:00:00 2001 From: "nicolas.dorier" Date: Sat, 2 Feb 2019 15:51:38 +0900 Subject: [PATCH] Correctly set Access-Control-Allow-Headers --- BTCPayServer/Hosting/BTCpayMiddleware.cs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/BTCPayServer/Hosting/BTCpayMiddleware.cs b/BTCPayServer/Hosting/BTCpayMiddleware.cs index 063809a7a..9ff1c3332 100644 --- a/BTCPayServer/Hosting/BTCpayMiddleware.cs +++ b/BTCPayServer/Hosting/BTCpayMiddleware.cs @@ -42,8 +42,10 @@ namespace BTCPayServer.Hosting { httpContext.Response.StatusCode = 200; httpContext.Response.SetHeader("Access-Control-Allow-Origin", "*"); - httpContext.Response.SetHeader("Access-Control-Allow-Headers", "*"); - httpContext.Response.SetHeader("Access-Control-Allow-Methods", "*"); + if (httpContext.Request.Headers.ContainsKey("Access-Control-Request-Headers")) + { + httpContext.Response.SetHeader("Access-Control-Allow-Headers", httpContext.Request.Headers["Access-Control-Request-Headers"].FirstOrDefault()); + } return; // We bypass MVC completely } httpContext.SetIsBitpayAPI(isBitpayAPI);