From c5d5b99472ef0e0c74641d4e9bc13e9ca8d39a84 Mon Sep 17 00:00:00 2001
From: antisnatchor <antisnatchor@gmail.com>
Date: Thu, 2 May 2013 10:55:16 +0100
Subject: [PATCH] Issue #886: The preflight OPTIONS request now allow also the
 content-type header, required to use a json conten-type with POST requests.

---
 core/main/router/router.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/main/router/router.rb b/core/main/router/router.rb
index 39ae98d13..c6ca5c6e5 100644
--- a/core/main/router/router.rb
+++ b/core/main/router/router.rb
@@ -94,10 +94,12 @@ module BeEF
 
           # @note If CORS are enabled, expose the appropriate headers
           # this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
+          # and be able to handle requests with a JSON content-type
           if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
             allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
             headers "Access-Control-Allow-Origin" => allowed_domains,
-                    "Access-Control-Allow-Methods" => "POST, GET"
+                    "Access-Control-Allow-Methods" => "POST, GET",
+                    "Access-Control-Allow-Headers" => "Content-Type"
             halt 200
           end