From c9b66d6e28b1f3832d17fa31d00d3c6b689e2843 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Wed, 9 Jun 2021 07:42:23 +0000
Subject: [PATCH] Deactivate CORS related headers

---
 src/App/Module.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/App/Module.php b/src/App/Module.php
index 8cc4dd710..4c61b4455 100644
--- a/src/App/Module.php
+++ b/src/App/Module.php
@@ -267,11 +267,13 @@ class Module
 
 		if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
 			header('HTTP/1.1 204 No Content');
-			header('access-control-allow-credentials: true');
-			header('access-control-allow-headers: Authorization,Content-Type');
-			header('access-control-allow-methods: ' . implode(',', Router::ALLOWED_METHODS));
-			header('access-control-allow-origin: *');
-			header('access-control-max-age: 86400');
+			header('Allow: ' . implode(',', Router::ALLOWED_METHODS));
+			// Deactivated until we know about possible side effects
+			// header('Access-Control-Allow-Credentials: true');
+			// header('Access-Control-Allow-Headers: Authorization,Content-Type');
+			// header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS));
+			// header('Access-Control-Allow-Origin: ' . DI::baseUrl());
+			// header('Access-Control-Max-Age: 86400');
 			exit();
 		}