From 1081b06bbe10ee5457bd5c53df4561f512c78ded Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Thu, 15 Apr 2010 12:52:59 -0400
Subject: Allow cross-site ajax with CORS.

Only allows un-credentialed (as in, no cookies or basic auth), no custom headers, and get (no post, put, delete, etc) requests.
---
 lib/apiaction.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/apiaction.php b/lib/apiaction.php
index 5245c7ef6..d5580abd3 100644
--- a/lib/apiaction.php
+++ b/lib/apiaction.php
@@ -102,6 +102,7 @@ class ApiAction extends Action
 
     function handle($args)
     {
+        header('Access-Control-Allow-Origin: *');
         parent::handle($args);
     }
 
-- 
cgit v1.2.3-54-g00ecf