From ebc96f66cbacbf359bacfe31bfce829fe75a15ac Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 29 Sep 2015 16:29:57 +0000
Subject: [PATCH] (captiveportal, new) work in progress

---
 .../OPNsense/CaptivePortal/Api/AccessController.php         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php b/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php
index ab9756eeb..a7f6d1fba 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/AccessController.php
@@ -77,7 +77,7 @@ class AccessController extends ApiControllerBase
         // disable standard authentication in CaptivePortal Access API calls.
         // set CORS headers
         $this->response->setHeader("Access-Control-Allow-Origin", "*");
-        $this->response->setHeader("Access-Control-Allow-Methods", "POST");
+        $this->response->setHeader("Access-Control-Allow-Methods", "OPTIONS, GET, POST");
     }
 
     /**
@@ -90,7 +90,7 @@ class AccessController extends ApiControllerBase
         if ($this->request->isOptions()) {
             // return empty result on CORS preflight
             return array();
-        } elseif ($this->request->isPost() && $this->hasPost('user')) {
+        } elseif ($this->request->isPost() && $this->request->hasPost('user')) {
             // close session for long running action
             $this->sessionClose();
 
@@ -117,7 +117,7 @@ class AccessController extends ApiControllerBase
                         break;
                     }
                 }
-                $isAuthenticated = true;
+
                 if ($isAuthenticated) {
                     // when authenticated, we have $authServer available to request additional data if needed
                     $clientSession = $this->clientSession((string)$cpZone->zoneid);