From 01f919ad90d40e7c277a9499935285cde468fb90 Mon Sep 17 00:00:00 2001 From: Renato Becker Date: Fri, 16 Nov 2018 14:04:42 -0200 Subject: [PATCH] Add new acceptable header on `Access-Control-Allow-Headers` to allow livechat rest api requests when CORS is enabled. (#12561) --- packages/rocketchat-api/server/api.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/rocketchat-api/server/api.js b/packages/rocketchat-api/server/api.js index 98719acbfecd..d28a95d95f49 100644 --- a/packages/rocketchat-api/server/api.js +++ b/packages/rocketchat-api/server/api.js @@ -386,7 +386,7 @@ const defaultOptionsEndpoint = function _defaultOptionsEndpoint() { if (RocketChat.settings.get('API_Enable_CORS') === true) { this.response.writeHead(200, { 'Access-Control-Allow-Origin': RocketChat.settings.get('API_CORS_Origin'), - 'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-User-Id, X-Auth-Token', + 'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept, X-User-Id, X-Auth-Token, x-visitor-token', }); } else { this.response.writeHead(405);