From 7b190ccf0f4342140928988008e6fa3af2067b84 Mon Sep 17 00:00:00 2001
From: Jass Bagga <jbagga93@live.ca>
Date: Mon, 21 Nov 2016 16:13:30 -0800
Subject: [PATCH] Changed allowed header to Cache-control to illustrate
 Access-Control-Allow-Headers and Access-Control-Request-Headers

---
 samples/SampleDestination/Startup.cs    | 2 +-
 samples/SampleOrigin/wwwroot/Index.html | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/samples/SampleDestination/Startup.cs b/samples/SampleDestination/Startup.cs
index 199bb16795..9859aa3abb 100644
--- a/samples/SampleDestination/Startup.cs
+++ b/samples/SampleDestination/Startup.cs
@@ -24,7 +24,7 @@ namespace SampleDestination
             app.UseCors(policy => policy               
                 .WithOrigins("http://origin.example.com:5001")              
                 .WithMethods("PUT")
-                .WithHeaders("Content-Length"));
+                .WithHeaders("Cache-Control"));
 
             app.Run(async context =>
             {
diff --git a/samples/SampleOrigin/wwwroot/Index.html b/samples/SampleOrigin/wwwroot/Index.html
index dd2c4f0ae9..6529ddb6ea 100644
--- a/samples/SampleOrigin/wwwroot/Index.html
+++ b/samples/SampleOrigin/wwwroot/Index.html
@@ -63,7 +63,7 @@
     </script>
     <p>CORS Sample</p>
     Method: <input type="text" id="methodName" /><br /><br />
-    Header Name: <input type="text" id="headerName" value="Content-Length" /> Header Value: <input type="text" id="headerValue" value="10" /><br /><br />
+    Header Name: <input type="text" id="headerName" value="Cache-Control" /> Header Value: <input type="text" id="headerValue" value="no-cache" /><br /><br />
     <script>
         document.getElementById('methodName')
     .addEventListener("keyup", function (event) {
@@ -90,10 +90,10 @@
 
     <button class="button gray" id="CORS" type="submit" onclick="makeCORSRequest(document.getElementById('methodName').value, document.getElementById('headerName').value, document.getElementById('headerValue').value);">Make a CORS Request</button><br /><br /><br /><br />
 
-    Method DELETE is not allowed:<button class="button red" id="InvalidMethodCORS" type="submit" onclick="makeCORSRequest('DELETE', 'Content-Length', '10');">Invalid Method CORS Request</button>
-    Method PUT is allowed:<button class="button green" id="InvalidMethodCORS" type="submit" onclick="makeCORSRequest('PUT', 'Content-Length', '10');">Valid Method CORS Request</button><br /><br />
+    Method DELETE is not allowed:<button class="button red" id="InvalidMethodCORS" type="submit" onclick="makeCORSRequest('DELETE', 'Cache-Control', 'no-cache');">Invalid Method CORS Request</button>
+    Method PUT is allowed:<button class="button green" id="InvalidMethodCORS" type="submit" onclick="makeCORSRequest('PUT', 'Cache-Control', 'no-cache');">Valid Method CORS Request</button><br /><br />
 
     Header 'Max-Forwards' not supported:<button class="button red" id="InvalidHeaderCORS" type="submit" onclick="makeCORSRequest('PUT', 'Max-Forwards', 'x');">Invalid Header CORS Request</button>
-    Header 'Content-Length' is supported:<button class="button green" id="InvalidHeaderCORS" type="submit" onclick="makeCORSRequest('PUT', 'Content-Length', 'x');">Valid Header CORS Request</button><br /><br />
+    Header 'Cache-Control' is supported:<button class="button green" id="InvalidHeaderCORS" type="submit" onclick="makeCORSRequest('PUT', 'Cache-Control', 'no-cache');">Valid Header CORS Request</button><br /><br />
 </body>
 </html>
\ No newline at end of file