From 53a0a2f4e1919387300e22e0c57897a6420d7bd2 Mon Sep 17 00:00:00 2001
From: Bernd Bestel <bernd@berrnd.de>
Date: Tue, 21 Apr 2020 21:09:49 +0200
Subject: [PATCH] Also allow just all headers and request methods for CORS
 OPTIONS requests (references #681)

---
 middleware/CorsMiddleware.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/middleware/CorsMiddleware.php b/middleware/CorsMiddleware.php
index d1a6663d..66cdcbaa 100644
--- a/middleware/CorsMiddleware.php
+++ b/middleware/CorsMiddleware.php
@@ -13,16 +13,16 @@ class CorsMiddleware extends BaseMiddleware
 	{
 		$response = $handler->handle($request);
 
-		$routeContext = RouteContext::fromRequest($request);
-		$routingResults = $routeContext->getRoutingResults();
-		$methods = $routingResults->getAllowedMethods();
+		//$routeContext = RouteContext::fromRequest($request);
+		//$routingResults = $routeContext->getRoutingResults();
+		//$methods = $routingResults->getAllowedMethods();
 		//$requestHeaders = $request->getHeaderLine('Access-Control-Request-Headers');
 
 		$response = $handler->handle($request);
 
 		$response = $response->withHeader('Access-Control-Allow-Origin', '*');
-		$response = $response->withHeader('Access-Control-Allow-Methods', implode(',', $methods));
-		$response = $response->withHeader('Access-Control-Allow-Headers', 'Content-Type,GROCY-API-KEY');
+		$response = $response->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+		$response = $response->withHeader('Access-Control-Allow-Headers', '*');
 
 		return $response;
 	}