From 6765f0168aa75a9eec81898510c3e76ec80812c4 Mon Sep 17 00:00:00 2001
From: int2001 <joerg@dj7nt.de>
Date: Mon, 6 Oct 2025 10:56:23 +0000
Subject: [PATCH] Lax CORS-Logic for radio-API, so WebApps are also allowed to
 set frequency

---
 application/controllers/Api.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/application/controllers/Api.php b/application/controllers/Api.php
index c2fbae600..25d9290c7 100644
--- a/application/controllers/Api.php
+++ b/application/controllers/Api.php
@@ -592,6 +592,17 @@ class API extends CI_Controller {
 
 	function radio() {
 		session_write_close();
+
+                if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { // Preflight CORS-Check: Allow posting from web-application as well (key is still needed!)
+                        header('Access-Control-Allow-Origin: *');
+                        header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
+                        header('Access-Control-Allow-Headers: Content-Type');
+                        header('Access-Control-Max-Age: 86400');
+                        http_response_code(200);
+                        exit(0);
+                }
+                header('Access-Control-Allow-Origin: *'); // Allow posting from web-application as well (key is still needed!)
+
 		header('Content-type: application/json');
 
 		$this->load->model('api_model');