Add config to force CORS pre-flight headers to be included (chriskacerguis#886)

* Added config option to force setting of CORS pre-flight headers.

* Updated the setting to be empty by default and updated the comment.

Author: tangix

application/config/rest.php

@@ -604,3 +604,24 @@
 |
 */
 $config['allowed_cors_origins'] = [];
+
+/*
+|--------------------------------------------------------------------------
+| CORS Forced Headers
+|--------------------------------------------------------------------------
+|
+| If using CORS checks, always include the headers and values specified here 
+| in the OPTIONS client preflight.
+| Example:
+| $config['forced_cors_headers'] = [
+|   'Access-Control-Allow-Credentials' => 'true'
+| ];
+|
+| Added because of how Sencha Ext JS framework requires the header
+| Access-Control-Allow-Credentials to be set to true to allow the use of
+| credentials in the REST Proxy. 
+| See documentation here:
+| http://docs.sencha.com/extjs/6.5.2/classic/Ext.data.proxy.Rest.html#cfg-withCredentials
+|
+*/
+$config['forced_cors_headers'] = [];

application/libraries/REST_Controller.php

@@ -2333,6 +2333,15 @@ protected function _check_cors()
             }
         }
 
+        // If there are headers that should be forced in the CORS check, add them now
+        if (is_array($this->config->item('forced_cors_headers')))
+        {
+            foreach ($this->config->item('forced_cors_headers') as $header => $value)
+            {
+                header($header . ': ' . $value);
+            }
+        }
+
         // If the request HTTP method is 'OPTIONS', kill the response and send it to the client
         if ($this->input->method() === 'options')
         {