From 93e53649cbbff83085032f24d0808ae4a67f2f5a Mon Sep 17 00:00:00 2001
From: Alex Tselegidis <alextselegidis@gmail.com>
Date: Wed, 2 Aug 2023 19:08:24 +0200
Subject: [PATCH] Update the CORS configuration

---
 application/config/routes.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/application/config/routes.php b/application/config/routes.php
index 8ae23423..d52a18ee 100644
--- a/application/config/routes.php
+++ b/application/config/routes.php
@@ -82,7 +82,9 @@ header('X-Frame-Options: SAMEORIGIN');
 |
 */
 
-header('Access-Control-Allow-Origin: *'); // NOTICE: Change this header to restrict CORS access.
+header('Access-Control-Allow-Origin: ' . ($_SERVER['HTTP_ORIGIN'] ?? '*')); // NOTICE: Change this header to restrict CORS access.
+
+header('Access-Control-Allow-Credentials: "true"');
 
 if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
 {