From 16b9e2c30a521d8070e855b90c30b17085fd61d7 Mon Sep 17 00:00:00 2001
From: Bernd Bestel <bernd@berrnd.de>
Date: Wed, 22 Apr 2020 17:36:20 +0200
Subject: [PATCH] Return Access-Control-Allow-Origin for all API (content)
 requests (references #681)

---
 middleware/JsonMiddleware.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/middleware/JsonMiddleware.php b/middleware/JsonMiddleware.php
index 8f60defc..92ac0e38 100644
--- a/middleware/JsonMiddleware.php
+++ b/middleware/JsonMiddleware.php
@@ -18,7 +18,12 @@ class JsonMiddleware extends BaseMiddleware
 		}
 		else
 		{
-			return $response->withHeader('Content-Type', 'application/json');
+			// TODO: This belongs more to CorsMiddleware, but that handles currently OPTIONS (CORS preflight) requests...
+			$response = $response->withHeader('Access-Control-Allow-Origin', '*');
+
+			$response = $response->withHeader('Content-Type', 'application/json');
+
+			return $response;
 		}
 	}
 }