01_FHEMWEB:pm: CORS fix for csrfToken Header (Forum #67848)

git-svn-id: https://svn.fhem.de/fhem/trunk/fhem@13548 2b470e98-0d58-463d-a4d8-8e2adae1ed80
2025-05-04 22:19:38 +00:00 · 2017-02-28 19:40:41 +00:00 · 2017-02-28 19:40:41 +00:00 · 8f5dd04994
commit 8f5dd04994
parent 40d3d5df41
1 changed files with 2 additions and 1 deletions
--- a/FHEM/01_FHEMWEB.pm
+++ b/FHEM/01_FHEMWEB.pm
@ -422,7 +422,8 @@ FW_Read($$)
              "Access-Control-Allow-Methods: GET POST OPTIONS\r\n".
              "Access-Control-Allow-Headers: Origin, Authorization, Accept\r\n".
              "Access-Control-Allow-Credentials: true\r\n".
-              "Access-Control-Max-Age:86400\r\n" : "");
+              "Access-Control-Max-Age:86400\r\n".
+              "Access-Control-Expose-Headers: X-FHEM-csrfToken\r\n": "");
   $FW_headerlines .= "X-FHEM-csrfToken: $defs{$FW_wname}{CSRFTOKEN}\r\n"
        if($defs{$FW_wname}{CSRFTOKEN});