Skip to content

Commit 941984f

Browse files
drew-grossdrew-gross
committed
Merge pull request #390 from workslon/hotfix/access-control-allow-headers-response-header
Fix Access-Control-Allow-Headers to match exact headers
2 parents 01f4bcc + 0755a29 commit 941984f

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

src/middlewares.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -138,7 +138,7 @@ function handleParseHeaders(req, res, next) {
138138
var allowCrossDomain = function(req, res, next) {
139139
res.header('Access-Control-Allow-Origin', '*');
140140
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
141-
res.header('Access-Control-Allow-Headers', '*');
141+
res.header('Access-Control-Allow-Headers', 'X-Parse-REST-API-Key, X-Parse-Javascript-Key, X-Parse-Application-Id, X-Parse-Client-Version, X-Parse-Session-Token, X-Requested-With, X-Parse-Revocable-Session, Content-Type');
142142

143143
// intercept OPTIONS method
144144
if ('OPTIONS' == req.method) {

0 commit comments

Comments
 (0)