Changes fix some CORS problems when making XMLRPC calls from

    browsers (which have gotten very picky over the years).
Add "Access-Control-Allow-Origin" to XMLRPC responses.
Add "Access-Control-Allow-Methods" and "Access-Control-Allow-Headers" to
    the HTTP OPTIONS response (used in CORS pre-flight request).

1 files changed, 4 insertions, 0 deletions

diff --git a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
index 52a4d92..562032d 100644
--- a/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
+++ b/OpenSim/Framework/Servers/HttpServer/BaseHttpServer.cs
@@ -1262,6 +1262,7 @@ namespace OpenSim.Framework.Servers.HttpServer
 
                         // if the method wasn't found, we can't determine KeepAlive state anyway, so lets do it only here
                         response.KeepAlive = keepAlive;
+                        response.AddHeader("Access-Control-Allow-Origin", "*");
                     }
                     else
                     {
@@ -1700,6 +1701,9 @@ namespace OpenSim.Framework.Servers.HttpServer
             switch (request.HttpMethod)
             {
                 case "OPTIONS":
+                    response.AddHeader("Access-Control-Allow-Origin", "*");
+                    response.AddHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS");
+                    response.AddHeader("Access-Control-Allow-Headers", "Content-Type");
                     response.StatusCode = (int)OSHttpStatusCode.SuccessOk;
                     return null;