From 3a10db99c762de8ebd44976f1123b7afe6bdcb73 Mon Sep 17 00:00:00 2001
From: An Tao
Date: Thu, 13 Aug 2020 21:41:29 +0800
Subject: [PATCH] Set the response Access-Control-Allow-Headers header correctly for OPTIONS requests (#534)
---
 lib/src/HttpControllersRouter.cc | 7 +++++--
 lib/src/HttpSimpleControllersRouter.cc | 7 +++++--
 lib/src/WebsocketControllersRouter.cc | 7 +++++--
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/lib/src/HttpControllersRouter.cc b/lib/src/HttpControllersRouter.cc
index 56e5e498..ad62ece2 100644
--- a/lib/src/HttpControllersRouter.cc
+++ b/lib/src/HttpControllersRouter.cc
@@ -660,8 +660,11 @@ void HttpControllersRouter::doPreHandlingAdvices(
 resp->addHeader("Access-Control-Allow-Origin", origin);
 }
 resp->addHeader("Access-Control-Allow-Methods", methods);
- resp->addHeader("Access-Control-Allow-Headers",
- "x-requested-with,content-type");
+ auto &headers = req->getHeaderBy("access-control-request-headers");
+ if (!headers.empty())
+ {
+ resp->addHeader("Access-Control-Allow-Headers", headers);
+ }
 callback(resp);
 return;
 }
diff --git a/lib/src/HttpSimpleControllersRouter.cc b/lib/src/HttpSimpleControllersRouter.cc
index caf03bfc..4808ab24 100644
--- a/lib/src/HttpSimpleControllersRouter.cc
+++ b/lib/src/HttpSimpleControllersRouter.cc
@@ -337,8 +337,11 @@ void HttpSimpleControllersRouter::doPreHandlingAdvices(
 resp->addHeader("Access-Control-Allow-Origin", origin);
 }
 resp->addHeader("Access-Control-Allow-Methods", methods);
- resp->addHeader("Access-Control-Allow-Headers",
- "x-requested-with,content-type");
+ auto &headers = req->getHeaderBy("access-control-request-headers");
+ if (!headers.empty())
+ {
+ resp->addHeader("Access-Control-Allow-Headers", headers);
+ }
 callback(resp);
 return;
 }
diff --git a/lib/src/WebsocketControllersRouter.cc b/lib/src/WebsocketControllersRouter.cc
index c938241a..824544e0 100644
--- a/lib/src/WebsocketControllersRouter.cc
+++ b/lib/src/WebsocketControllersRouter.cc
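Review bot: The added `resp->addHeader("Access-Control-Allow-Headers", headers);` echoes the client's `access-control-request-headers` value back unfiltered, so the preflight now approves every request header a cross-origin page asks for, where the removed line allowed only `x-requested-with,content-type`. Together with the `Access-Control-Allow-Origin` line in the context, which appears to reflect the request origin (how `origin` is derived is outside the hunk), this leaves the OPTIONS path with no header policy an application can tighten. I would compare each requested token against a configurable allow-list and return only the permitted ones, or at minimum add a comment such as `// NOTE: reflects the requested headers verbatim; any header named in the preflight is allowed` so the permissive default is a visible decision. The same lines are added in the HttpSimpleControllersRouter.cc and WebsocketControllersRouter.cc hunks, and the three identical blocks would be easier to keep consistent as one shared helper; each enclosing function starts and ends outside its hunk.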
@@ -282,8 +282,11 @@ void WebsocketControllersRouter::doControllerHandler(
 resp->addHeader("Access-Control-Allow-Origin", origin);
 }
 resp->addHeader("Access-Control-Allow-Methods", methods);
- resp->addHeader("Access-Control-Allow-Headers",
- "x-requested-with,content-type");
+ auto &headers = req->getHeaderBy("access-control-request-headers");
+ if (!headers.empty())
+ {
+ resp->addHeader("Access-Control-Allow-Headers", headers);
+ }
 callback(resp);
 return;
 }