fix Access-Control-Allow-Headers to match exact

2016-02-12 23:06:56 +00:00
parent 2a200fc718
commit 0755a2953e
1 changed files with 1 additions and 1 deletions
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -132,7 +132,7 @@ function handleParseHeaders(req, res, next) {
 var allowCrossDomain = function(req, res, next) {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
-  res.header('Access-Control-Allow-Headers', '*');
+  res.header('Access-Control-Allow-Headers', 'X-Parse-REST-API-Key, X-Parse-Javascript-Key, X-Parse-Application-Id, X-Parse-Client-Version, X-Parse-Session-Token, X-Requested-With, X-Parse-Revocable-Session, Content-Type');
  // intercept OPTIONS method
  if ('OPTIONS' == req.method) {