From a88c0233d62351de64fa0b0d73b376d9eb996a61 Mon Sep 17 00:00:00 2001
From: Robert Elder <robert@robertelder.org>
Date: Mon, 27 Oct 2014 15:07:12 +0000
Subject: [PATCH] Don't throw exceptions for localhost in CORSHelper.

---
 airtime_mvc/application/common/CORSHelper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/airtime_mvc/application/common/CORSHelper.php b/airtime_mvc/application/common/CORSHelper.php
index cf3f6d5ac..6febb0f1b 100644
--- a/airtime_mvc/application/common/CORSHelper.php
+++ b/airtime_mvc/application/common/CORSHelper.php
@@ -10,7 +10,7 @@ class CORSHelper
         //Chrome sends the Origin header for all requests, so we whitelist the webserver's hostname as well.
         $response = $response->setHeader('Access-Control-Allow-Origin', '*');
         $origin = $request->getHeader('Origin');
-        if (($origin != "") &&
+        if ((!(preg_match("/https?:\/\/localhost/", $origin) === 1)) && ($origin != "") &&
         (!in_array($origin,
                 array("http://www.airtime.pro",
                         "https://www.airtime.pro",