From bf1e8ca0d923158290a9cbbda277536fc5a04b8e Mon Sep 17 00:00:00 2001
From: Rub21 <ruben@developmentseed.org>
Date: Thu, 14 Sep 2023 12:25:43 -0500
Subject: [PATCH] Handle CORS Preflight Requests in Lighttpd

---
 images/web/config/lighttpd.conf | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/images/web/config/lighttpd.conf b/images/web/config/lighttpd.conf
index 3e11ed9a..4ec230ae 100644
--- a/images/web/config/lighttpd.conf
+++ b/images/web/config/lighttpd.conf
@@ -7,12 +7,7 @@ server.port = 81
 server.reject-expect-100-with-417 = "disable"
 
 # selecting modules
-server.modules = ( "mod_access", "mod_rewrite", "mod_fastcgi",  "mod_proxy", "mod_alias", "mod_setenv" )  # Added mod_setenv
-
-# Add CORS headers to all responses
-setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*",
-                               "Access-Control-Allow-Methods" => "GET, POST, PUT, OPTIONS",
-                               "Access-Control-Allow-Headers" => "origin, x-requested-with, content-type" )
+server.modules = ( "mod_access", "mod_rewrite", "mod_fastcgi",  "mod_proxy", "mod_alias" )
 
 # handling unknown routes
 server.error-handler-404   = "/dispatch.map"
@@ -29,6 +24,17 @@ mimetype.assign = (
   ".png" => "image/png"
 )
 
+# Handle CORS Preflight Requests
+$HTTP["request-method"] == "OPTIONS" {
+    setenv.add-response-header = (
+        "Access-Control-Allow-Origin" => "*",
+        "Access-Control-Allow-Methods" => "GET, POST, PUT, DELETE, OPTIONS",
+        "Access-Control-Allow-Headers" => "origin, x-requested-with, content-type",
+        "Access-Control-Allow-Credentials" => "true",
+        "Access-Control-Max-Age" => "86400"
+    )
+}
+
 #debug.log-request-handling = "enable"
 
 $HTTP["request-method"] == "GET" {