[FIX] http: permit debug mode on CORS-enabled routes
As of f814dd9908355465dd03735f4589dd1697b3658a, debug mode causes an extra X-Debug-Mode header to be sent by the rpc() JS method. This custom header was not whitelisted in the accepted CORS headers, therefore any cross-origin call to a route with `cors=True` would fail in debug mode, with a console error along those lines: "Request header field X-Debug-Mode is not allowed by Access-Control-Allow-Headers in preflight response" This would prevent loading the POS GUI in debug mode, for example. This commit is necessary in the 8.0 branch because the POSBox is currently based on a 8.0 server and may be accessed by a 9.0 POS or later, thus with the extra header.
This commit is contained in:
parent
86a9b7893e
commit
f2158e32c8
|
@ -684,7 +684,7 @@ class HttpRequest(WebRequest):
|
|||
if request.httprequest.method == 'OPTIONS' and request.endpoint and request.endpoint.routing.get('cors'):
|
||||
headers = {
|
||||
'Access-Control-Max-Age': 60 * 60 * 24,
|
||||
'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept'
|
||||
'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-Debug-Mode'
|
||||
}
|
||||
return Response(status=200, headers=headers)
|
||||
|
||||
|
|
Loading…
Reference in New Issue