vadvs (vadvs) wrote in changelog,
vadvs
vadvs
changelog

[livejournal] r21599: LJSUP-11689: Add Access-Control-Allow-Me...

Committer: vad
LJSUP-11689: Add Access-Control-Allow-Methods: GET to stat. domain
U   trunk/cgi-bin/Apache/LiveJournal.pm
Modified: trunk/cgi-bin/Apache/LiveJournal.pm
===================================================================
--- trunk/cgi-bin/Apache/LiveJournal.pm	2012-03-29 15:16:37 UTC (rev 21598)
+++ trunk/cgi-bin/Apache/LiveJournal.pm	2012-03-29 15:18:05 UTC (rev 21599)
@@ -350,6 +350,9 @@
     ## allow cross domain ajax for (l-).stat domain
     if ($host eq "stat.$LJ::DOMAIN"){
         LJ::Request->header_out('Access-Control-Allow-Origin' => '*');
+        ## The Access-Control-Allow-Methods header indicates, as part of the response to a preflight request, 
+        ## only GET is allowed.
+        LJ::Request->header_out('Access-Control-Allow-Methods' => 'GET'); 
     }
 
     # disable TRACE (so scripts on non-LJ domains can't invoke

Tags: livejournal, pm, vad, vadvs
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments