From a411b3550887e12145ea07bbcca60b170ca243fd Mon Sep 17 00:00:00 2001
From: Pascal Birchler <pascal.birchler@gmail.com>
Date: Thu, 7 Jun 2018 20:18:29 +0200
Subject: [PATCH] Fix Access-Control-Request-Method header (#4424)

* Fix Access-Control-Request-Method header

* Make OPTIONS request work
---
 server/utils.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/utils.js b/server/utils.js
index 03139953..0dd6f44c 100644
--- a/server/utils.js
+++ b/server/utils.js
@@ -42,9 +42,9 @@ export function addCorsSupport (req, res) {
   }
 
   res.setHeader('Access-Control-Allow-Origin', req.headers.origin)
-  res.setHeader('Access-Control-Request-Method', req.headers.origin)
   res.setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET')
-  res.setHeader('Access-Control-Allow-Headers', req.headers.origin)
+  // Based on https://github.com/primus/access-control/blob/4cf1bc0e54b086c91e6aa44fb14966fa5ef7549c/index.js#L158
+  res.setHeader('Access-Control-Allow-Headers', req.headers['access-control-request-headers'])
 
   if (req.method === 'OPTIONS') {
     res.writeHead(200)