bsw/jbe@1309: -- TODO workaround, needs to be resolved in WebMCP's request.handler
bsw/jbe@1309: if not request._route then
bsw/jbe@1309:   return
bsw/jbe@1309: end
bsw/jbe@1309: 
bsw/jbe@1309: if request.get_module() == "oauth2" and request.get_view() == "session" then
bsw/jbe@1309:   local origin = request.get_header("Origin")
bsw/jbe@1309:   if origin then
bsw/jbe@1309:     request.add_header("Access-Control-Allow-Origin", origin)
bsw/jbe@1309:   end
bsw/jbe@1309:   request.add_header("Access-Control-Allow-Credentials", "true")
bsw/jbe@1309:   request.add_header("Access-Control-Max-Age", "0")
bsw/jbe@1309: else
bsw/jbe@1309:   request.add_header("Access-Control-Allow-Origin", "*")
bsw/jbe@1309: end
bsw/jbe@1309:     
bsw/jbe@1309: request.add_header("Access-Control-Allow-Headers", "Authorization")