Access-Control-Allow-Origin

[StephenAtty]

Should this be being set in the php code?

If you've set Access-Control-Allow-Origin in the apache config file (to stop leaching of bandwidth) then nothing works because you end up with two versions in the header.

Could it be made a switchable configuration in the $config global? So if needed people can turn it off

[hozikm]

I agree. Right now there is no way to limit origins. It's not possible in .php nor in webserver config because sending multiple Access-Control-Allow-Origin is always invalid.

[klokan]

A clean pull request is welcomed.