From 62b49dcb19b245874c32ab8bdc329540d7597931 Mon Sep 17 00:00:00 2001
From: Alejandro Celaya <alejandro@alejandrocelaya.com>
Date: Fri, 14 Apr 2017 12:55:34 +0200
Subject: [PATCH] Set cross domain allow-methods header with the same value as
 the allow header

---
 module/Rest/src/Middleware/CrossDomainMiddleware.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/module/Rest/src/Middleware/CrossDomainMiddleware.php b/module/Rest/src/Middleware/CrossDomainMiddleware.php
index 4d73acbf..eabbe0ac 100644
--- a/module/Rest/src/Middleware/CrossDomainMiddleware.php
+++ b/module/Rest/src/Middleware/CrossDomainMiddleware.php
@@ -17,6 +17,7 @@ class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterfa
      * @param DelegateInterface $delegate
      *
      * @return Response
+     * @throws \InvalidArgumentException
      */
     public function process(Request $request, DelegateInterface $delegate)
     {
@@ -35,7 +36,8 @@ class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterfa
 
         // Add OPTIONS-specific headers
         foreach ([
-            'Access-Control-Allow-Methods' => 'GET,POST,PUT,DELETE,OPTIONS', // TODO Should be based on path
+//            'Access-Control-Allow-Methods' => 'GET,POST,PUT,DELETE,OPTIONS', // TODO Should be based on path
+            'Access-Control-Allow-Methods' => $response->getHeaderLine('Allow'),
             'Access-Control-Max-Age' => '1000',
             'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'),
         ] as $key => $value) {