From 0755a2953e6bb92d2daad1f26050726522b39b7c Mon Sep 17 00:00:00 2001
From: vitaliysobur <workslon@gmail.com>
Date: Fri, 12 Feb 2016 23:06:56 +0000
Subject: [PATCH] fix Access-Control-Allow-Headers to match exact

---
 src/middlewares.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/middlewares.js b/src/middlewares.js
index a07b2a1b11..babc537783 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -132,7 +132,7 @@ function handleParseHeaders(req, res, next) {
 var allowCrossDomain = function(req, res, next) {
   res.header('Access-Control-Allow-Origin', '*');
   res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
-  res.header('Access-Control-Allow-Headers', '*');
+  res.header('Access-Control-Allow-Headers', 'X-Parse-REST-API-Key, X-Parse-Javascript-Key, X-Parse-Application-Id, X-Parse-Client-Version, X-Parse-Session-Token, X-Requested-With, X-Parse-Revocable-Session, Content-Type');
 
   // intercept OPTIONS method
   if ('OPTIONS' == req.method) {