From 98f2276e177306d356fdd8dcb28a3012262da585 Mon Sep 17 00:00:00 2001
From: Bernd Bestel
Date: Tue, 21 Apr 2020 21:05:32 +0200
Subject: [PATCH] Send just * for Access-Control-Allow-Origin header in CORS OPTIONS requests (again closes #681)
---
 middleware/CorsMiddleware.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/middleware/CorsMiddleware.php b/middleware/CorsMiddleware.php
index 95305da0..d1a6663d 100644
--- a/middleware/CorsMiddleware.php
+++ b/middleware/CorsMiddleware.php
@@ -17,11 +17,10 @@ class CorsMiddleware extends BaseMiddleware
 $routingResults = $routeContext->getRoutingResults();
 $methods = $routingResults->getAllowedMethods();
 //$requestHeaders = $request->getHeaderLine('Access-Control-Request-Headers');
- $origin = $request->getHeaderLine('Origin');
 $response = $handler->handle($request);
- $response = $response->withHeader('Access-Control-Allow-Origin', $origin);
+ $response = $response->withHeader('Access-Control-Allow-Origin', '*');
 $response = $response->withHeader('Access-Control-Allow-Methods', implode(',', $methods));
 $response = $response->withHeader('Access-Control-Allow-Headers', 'Content-Type,GROCY-API-KEY');
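Review bot: The wildcard on the new `Access-Control-Allow-Origin` line lets script on any web origin read these API responses, and the only restraint left is that browsers refuse credentialed (cookie) requests against `*`; a request carrying the allowed `GROCY-API-KEY` header is still readable from anywhere. If that is intended, say so next to the line, e.g. `// '*' is deliberate: browsers never send cookies to a wildcard origin`; if not, compare `Origin` against a configured allow-list, echo only a match, and add `Vary: Origin` so caches do not mix responses. The visible lines add the headers to whatever `$handler->handle($request)` returns, so the limit to OPTIONS requests named in the subject cannot be confirmed here; the method starts and ends outside the hunk. The commented-out `$requestHeaders` line could also be dropped while this block is being touched.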