From 16bc025fffd7125c011c521b5c5c446a8f64d334 Mon Sep 17 00:00:00 2001
From: Ralph Slooten <axllent@gmail.com>
Date: Thu, 4 May 2023 22:23:07 +1200
Subject: [PATCH] API: Set Access-Control-Allow-Headers when --api-cors is set

---
 server/server.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/server.go b/server/server.go
index 4d3fb8f..782d190 100644
--- a/server/server.go
+++ b/server/server.go
@@ -123,6 +123,7 @@ func middleWareFunc(fn http.HandlerFunc) http.HandlerFunc {
 		if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {
 			w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)
 			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
+			w.Header().Set("Access-Control-Allow-Headers", "*")
 		}
 
 		if config.UIAuthFile != "" {
@@ -161,6 +162,7 @@ func middlewareHandler(h http.Handler) http.Handler {
 		if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {
 			w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)
 			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
+			w.Header().Set("Access-Control-Allow-Headers", "*")
 		}
 
 		if config.UIAuthFile != "" {