From 31c0a501e8196e27ca4f810a609e9b197a9a6d54 Mon Sep 17 00:00:00 2001
From: Ralph Slooten <axllent@gmail.com>
Date: Tue, 25 Apr 2023 08:57:16 +1200
Subject: [PATCH] Feature: Add Access-Control-Allow-Methods methods when CORS
 origin is set

@See #91
---
 server/server.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/server.go b/server/server.go
index 387fd36..4d3fb8f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -122,6 +122,7 @@ func middleWareFunc(fn http.HandlerFunc) http.HandlerFunc {
 
 		if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {
 			w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)
+			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
 		}
 
 		if config.UIAuthFile != "" {
@@ -159,6 +160,7 @@ func middlewareHandler(h http.Handler) http.Handler {
 
 		if AccessControlAllowOrigin != "" && strings.HasPrefix(r.RequestURI, config.Webroot+"api/") {
 			w.Header().Set("Access-Control-Allow-Origin", AccessControlAllowOrigin)
+			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT")
 		}
 
 		if config.UIAuthFile != "" {