[FIX] http: permit debug mode on CORS-enabled routes

As of f814dd9908355465dd03735f4589dd1697b3658a, debug mode causes an extra X-Debug-Mode header to be sent by the rpc() JS method. This custom header was not whitelisted in the accepted CORS headers, therefore any cross-origin call to a route with `cors=True` would fail in debug mode, with a console error along those lines: "Request header field X-Debug-Mode is not allowed by Access-Control-Allow-Headers in preflight response" This would prevent loading the POS GUI in debug mode, for example. This commit is necessary in the 8.0 branch because the POSBox is currently based on a 8.0 server and may be accessed by a 9.0 POS or later, thus with the extra header.
2016-10-31 01:43:47 +01:00 · 2016-10-31 01:43:47 +01:00 · f2158e32c8
parent 86a9b7893e
commit f2158e32c8
1 changed files with 1 additions and 1 deletions
--- a/openerp/http.py
+++ b/openerp/http.py
@ -684,7 +684,7 @@ class HttpRequest(WebRequest):
        if request.httprequest.method == 'OPTIONS' and request.endpoint and request.endpoint.routing.get('cors'):
            headers = {
                'Access-Control-Max-Age': 60 * 60 * 24,
-                'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept'
+                'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-Debug-Mode'
            }
            return Response(status=200, headers=headers)