Update CorsHandler.cs

Testing the CorsHandler on FF and Chrome has issues due to missing authentication headers in the CorsResponse.

As jQuery does not perform pre-flight checks a Cors request will never succeed using the mechanism described.

I have added the most common headers to the response, but need to consider custom headers sent to the server.

Reqards

Gary

Author: GaryMcAllister

source/DotNetOpenAuth.WebAPI/CorsHandler.cs

@@ -37,6 +37,11 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
                 } else {
                     return base.SendAsync(request, cancellationToken).ContinueWith<HttpResponseMessage>(t => {
                                                                                                             HttpResponseMessage resp = t.Result;
+                /*This fixes the problem with CorsRequests using credentials in FF and Chrome*/                                                                                            
+                resp.Headers.Add("Access-Control-Allow-Credentials", "true");
+                resp.Headers.Add(AccessControlAllowMethods, "GET, POST, PUT, DELETE");
+                resp.Headers.Add(AccessControlAllowHeaders, "Authorization");                                                                                                            
+                                                                                                            
                                                                                                             resp.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
                                                                                                             return resp;
                                                                                                         });
@@ -46,4 +51,4 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
             }
         }
     }
-}
+}