From 84469dcd2557b4664523d4d3757bd41065cb295e Mon Sep 17 00:00:00 2001
From: MPTres <none@noemail.no>
Date: Mon, 4 Dec 2023 17:14:18 +0100
Subject: [PATCH 1/3] CORS. Add support for OPTIONS requests.

---
 internal/api/api.go       | 4 +++-
 internal/webrtc/server.go | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/internal/api/api.go b/internal/api/api.go
index 828308060..5211a588d 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -211,7 +211,9 @@ func middlewareCORS(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
-		w.Header().Set("Access-Control-Allow-Headers", "Authorization")
+		w.Header().Set("Access-Control-Allow-Headers", "Authorization, X-PINGOTHER, Content-Type")
+
+
 		next.ServeHTTP(w, r)
 	})
 }
diff --git a/internal/webrtc/server.go b/internal/webrtc/server.go
index 2b3af2640..c3eb13872 100644
--- a/internal/webrtc/server.go
+++ b/internal/webrtc/server.go
@@ -49,6 +49,9 @@ func syncHandler(w http.ResponseWriter, r *http.Request) {
 			http.Error(w, "", http.StatusBadRequest)
 		}
 
+	case "OPTIONS":
+		w.WriteHeader(http.StatusNoContent)
+
 	default:
 		http.Error(w, "", http.StatusMethodNotAllowed)
 	}

From 39b614fb0f63e7f0f01537de19eee06a6ffe70ad Mon Sep 17 00:00:00 2001
From: MPTres <none@noemail.no>
Date: Tue, 5 Dec 2023 13:37:05 +0100
Subject: [PATCH 2/3] Remove X-PINGOTHER from allowed headers.

---
 internal/api/api.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/api/api.go b/internal/api/api.go
index 5211a588d..7d0d3ff7d 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -211,7 +211,7 @@ func middlewareCORS(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
-		w.Header().Set("Access-Control-Allow-Headers", "Authorization, X-PINGOTHER, Content-Type")
+		w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
 
 
 		next.ServeHTTP(w, r)

From 0da8b46148d16c4a276507b2bd75b20c0e0c6916 Mon Sep 17 00:00:00 2001
From: MPTres <none@noemail.no>
Date: Tue, 5 Dec 2023 13:52:34 +0100
Subject: [PATCH 3/3] remove empty lines.

---
 internal/api/api.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/internal/api/api.go b/internal/api/api.go
index 7d0d3ff7d..945d42dae 100644
--- a/internal/api/api.go
+++ b/internal/api/api.go
@@ -212,8 +212,6 @@ func middlewareCORS(next http.Handler) http.Handler {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
 		w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
-
-
 		next.ServeHTTP(w, r)
 	})
 }