Fix CORS headers for preflight requests

OpenHistoricalMap · Sep 14, 2023 · 837ceaa · 837ceaa
1 parent c2aaad9
commit 837ceaa
Showing 1 changed file with 4 additions and 9 deletions.
diff --git a/images/web/config/production.conf b/images/web/config/production.conf
@@ -6,15 +6,10 @@
 
     # Add CORS headers for preflight requests
     <IfModule mod_headers.c>
-        Header always set Access-Control-Allow-Origin "*"
-        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
-        Header always set Access-Control-Max-Age "1000"
-        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
-
-        # Respond to preflight requests
-        RewriteEngine On
-        RewriteCond %{REQUEST_METHOD} OPTIONS
-        RewriteRule ^(.*)$ $1 [R=200,L,E=HTTP_ACCESS_CONTROL_ALLOW_HEADERS:Authorization]
+        Header set Access-Control-Allow-Origin "*"
+        Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
+        Header set Access-Control-Max-Age "1000"
+        Header set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
     </IfModule>
 
     # Existing rewrite rules