<IfModule mod_headers.c>
  # Allow all origins (use only if you are OK with wide-open CORS)
  Header always set Access-Control-Allow-Origin "*"
  Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE, PATCH"
  Header always set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
  Header always set Access-Control-Expose-Headers "Content-Length, Content-Range"
  Header always set Access-Control-Max-Age "86400"
</IfModule>

# Handle preflight OPTIONS requests returning 200
<IfModule mod_rewrite.c>
  RewriteEngine On
  # If it's an OPTIONS request, stop rewriting and respond with 200
  RewriteCond %{REQUEST_METHOD} =OPTIONS
  RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>
