From 9915547b19cf1855e824f4c37b31b68e19927ac2 Mon Sep 17 00:00:00 2001
From: antisnatchor <antisnatchor@gmail.com>
Date: Wed, 1 May 2013 17:19:48 +0100
Subject: [PATCH] Issue #886: Added support for preflight OPTIONS request.

---
 core/main/router/router.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/core/main/router/router.rb b/core/main/router/router.rb
index 4c155680d..39ae98d13 100644
--- a/core/main/router/router.rb
+++ b/core/main/router/router.rb
@@ -92,6 +92,15 @@ module BeEF
             end
           end
 
+          # @note If CORS are enabled, expose the appropriate headers
+          # this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
+          if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
+            allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
+            headers "Access-Control-Allow-Origin" => allowed_domains,
+                    "Access-Control-Allow-Methods" => "POST, GET"
+            halt 200
+          end
+
           # @note If CORS are enabled, expose the appropriate headers
           if config.get("beef.http.restful_api.allow_cors")
             allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")