CORS korrigiert

functions.php

@@ -1,30 +1,5 @@
 <?php
 
-/**
- *  An example CORS-compliant method.  It will allow any GET, POST, or OPTIONS requests from any
- *  origin.
- *
- *  In a production environment, you probably want to be more restrictive, but this gives you
- *  the general idea of what is involved.  For the nitty-gritty low-down, read:
- *
- *  - https://developer.mozilla.org/en/HTTP_access_control
- *  - https://fetch.spec.whatwg.org/#http-cors-protocol
- *
- */
-function cors() {
-	// Allow from any origin
-	header("Access-Control-Allow-Origin: *");
-	header('Access-Control-Max-Age: 86400');    // cache for 1 day
-	header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
-	header("Access-Control-Request-Headers: content-type");
-	// Access-Control headers are received during OPTIONS requests
-	if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
-//		header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
-//		header("Access-Control-Request-Headers: content-type");
-		exit(0);
-	}
-}
-
 function return_success() {
 	return json_encode(['status' => 'success', 'message' => 'OK']);
 }

webhook.php

@@ -2,7 +2,16 @@
 include 'config.php';
 include 'functions.php';
 
-cors();
+// CORS
+header("Access-Control-Allow-Origin: *");
+header('Access-Control-Max-Age: 86400');    // cache for 1 day
+if (strtolower($_SERVER['REQUEST_METHOD']) == 'options') {
+	http_response_code(204);
+	header("Access-Control-Allow-Headers: origin, content-type, accept");
+	header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+	header("Access-Control-Allow-Private-Network: true");
+	exit(0);
+}
 
 // Read the raw POST data
 $data = json_decode(file_get_contents('php://input'), true)