From 3b8809c99067978c7f22e0801cb29be6040481a8 Mon Sep 17 00:00:00 2001
From: David Christofas <dchristofas@owncloud.com>
Date: Mon, 30 Mar 2020 14:58:40 +0200
Subject: [PATCH] add header to access-control-allow-headers

---
 changelog/unreleased/add-header-to-cors-handler.md | 5 +++++
 middleware/header.go                               | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/add-header-to-cors-handler.md

diff --git a/changelog/unreleased/add-header-to-cors-handler.md b/changelog/unreleased/add-header-to-cors-handler.md
new file mode 100644
index 000000000..5f6f4aa62
--- /dev/null
+++ b/changelog/unreleased/add-header-to-cors-handler.md
@@ -0,0 +1,5 @@
+Change: Add header to cors handler 
+
+The `x-requested-with` header was added to allow ajax requests.
+
+https://github.com/owncloud/ocis-pkg/issues/41
diff --git a/middleware/header.go b/middleware/header.go
index 4eb02dab8..0b311ac60 100644
--- a/middleware/header.go
+++ b/middleware/header.go
@@ -24,7 +24,7 @@ func Cors(next http.Handler) http.Handler {
 		} else {
 			w.Header().Set("Access-Control-Allow-Origin", "*")
 			w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
-			w.Header().Set("Access-Control-Allow-Headers", "authorization, origin, content-type, accept")
+			w.Header().Set("Access-Control-Allow-Headers", "authorization, origin, content-type, accept, x-requested-with")
 			w.Header().Set("Allow", "HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS")
 
 			w.WriteHeader(http.StatusOK)