fix: allow X-Cacheable access control header by default

johannschopplich · johannschopplich · commit 60a338da1edd · 2024-11-21T11:35:53.000+01:00
diff --git a/src/classes/Api/Api.php b/src/classes/Api/Api.php
@@ -98,7 +98,7 @@ public static function createPreflightResponse(): Response
         return new Response('', null, 204, [
             'Access-Control-Allow-Origin' => $kirby->option('headless.cors.allowOrigin', '*'),
             'Access-Control-Allow-Methods' => $kirby->option('headless.cors.allowMethods', 'GET, POST, OPTIONS'),
-            'Access-Control-Allow-Headers' => $kirby->option('headless.cors.allowHeaders', 'Accept, Content-Type, Authorization, X-Language'),
+            'Access-Control-Allow-Headers' => $kirby->option('headless.cors.allowHeaders', 'Authorization, X-Language, X-Cacheable'),
             'Access-Control-Max-Age' => $kirby->option('headless.cors.maxAge', '86400'),
         ]);
     }

Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,7 @@ public static function createPreflightResponse(): Response`
`98`	`98`	`return new Response('', null, 204, [`
`99`	`99`	`'Access-Control-Allow-Origin' => $kirby->option('headless.cors.allowOrigin', '*'),`
`100`	`100`	`'Access-Control-Allow-Methods' => $kirby->option('headless.cors.allowMethods', 'GET, POST, OPTIONS'),`
`101`		`- 'Access-Control-Allow-Headers' => $kirby->option('headless.cors.allowHeaders', 'Accept, Content-Type, Authorization, X-Language'),`
	`101`	`+ 'Access-Control-Allow-Headers' => $kirby->option('headless.cors.allowHeaders', 'Authorization, X-Language, X-Cacheable'),`
`102`	`102`	`'Access-Control-Max-Age' => $kirby->option('headless.cors.maxAge', '86400'),`
`103`	`103`	`]);`
`104`	`104`	`}`