Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Issue #886: The preflight OPTIONS request now allow also the content-type header, required to use a json conten-type with POST requests.

Browse Source
This commit is contained in:
antisnatchor
2013-05-02 10:55:16 +01:00
parent 9915547b19
commit c5d5b99472
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
core/main/router/router.rb
View File

@@ -94,10 +94,12 @@ module BeEF
# @note If CORS are enabled, expose the appropriate headers
# this apparently duplicate code is needed to reply to preflight OPTIONS requests, which need to respond with a 200
# and be able to handle requests with a JSON content-type
if request.request_method == 'OPTIONS' && config.get("beef.http.restful_api.allow_cors")
allowed_domains = config.get("beef.http.restful_api.cors_allowed_domains")
headers "Access-Control-Allow-Origin" => allowed_domains,
"Access-Control-Allow-Methods" => "POST, GET"
"Access-Control-Allow-Methods" => "POST, GET",
"Access-Control-Allow-Headers" => "Content-Type"
halt 200
end