#74 allowing more cors headers

makesites · May 27, 2013 · 39f0380 · 39f0380
1 parent 83fde54
commit 39f0380
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/helpers/mvc.php b/app/helpers/mvc.php
@@ -358,7 +358,7 @@ function cors() {
 		} else {
 			header("Access-Control-Allow-Origin: *");
 		}
-			header("Access-Control-Allow-Headers: Content-Type, X-Requested-With, X-PINGOTHER");
+			header("Access-Control-Allow-Headers: X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version, X-PINGOTHER");
 			header("Access-Control-Max-Age: 86400");    // cache for 1 day
 			header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");