From d59e62312ae4358222979be9b49ade121e214d24 Mon Sep 17 00:00:00 2001
From: chme <christian.meffert@googlemail.com>
Date: Thu, 1 Mar 2018 06:37:14 +0100
Subject: [PATCH] [httpd] Allow cross origin POST, PUT, DELETE, OPTIONS
 requests

If the web interface is hosted on a different server, this is required
to allow sending e. g. post/put requests to control outputs.
---
 src/httpd.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/httpd.c b/src/httpd.c
index 346fdcd6..6c514127 100644
--- a/src/httpd.c
+++ b/src/httpd.c
@@ -743,9 +743,7 @@ httpd_gen_cb(struct evhttp_request *req, void *arg)
       output_headers = evhttp_request_get_output_headers(req);
 
       evhttp_add_header(output_headers, "Access-Control-Allow-Origin", allow_origin);
-
-      // Allow only GET method and authorization header in cross origin requests
-      evhttp_add_header(output_headers, "Access-Control-Allow-Method", "GET");
+      evhttp_add_header(output_headers, "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
       evhttp_add_header(output_headers, "Access-Control-Allow-Headers", "authorization");
 
       // In this case there is no reason to go through httpd_send_reply