Allow cross-site ajax with CORS.

Only allows un-credentialed (as in, no cookies or basic auth), no custom headers, and get (no post, put, delete, etc) requests.
This commit is contained in:
Craig Andrews 2010-04-15 12:52:59 -04:00
parent c748933132
commit 1081b06bbe

View File

@ -102,6 +102,7 @@ class ApiAction extends Action
function handle($args)
{
header('Access-Control-Allow-Origin: *');
parent::handle($args);
}