From f16acaaf03766052b329dc4b3f6fbc2b61a1d944 Mon Sep 17 00:00:00 2001 From: Brian Hanson Date: Fri, 6 May 2022 20:45:33 -0500 Subject: [PATCH] Update htaccess.txt --- templates/htaccess.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/htaccess.txt b/templates/htaccess.txt index 5948f49..a26d772 100644 --- a/templates/htaccess.txt +++ b/templates/htaccess.txt @@ -61,4 +61,9 @@ Header set X-XSS-Protection "1; mode=block" Header always append X-Frame-Options SAMEORIGIN Header set X-Content-Type-Options nosniff + + # Allow special headers for blitz CORs requests + # Honestly, not sure why we need this, but from time to time dynamic Blitz requests fail without it. + Header add Access-Control-Allow-Headers "x-requested-with" + Header add Access-Control-Allow-Methods "GET, OPTIONS"