From f30cf79fbaa74fcaf276fb5dd2528cae0f4d0a1e Mon Sep 17 00:00:00 2001
From: m10653 <m10653@users.noreply.github.com>
Date: Thu, 7 May 2026 23:24:53 -0400
Subject: [PATCH 1/2] Allow Cross origin requests

---
 app/src/main/java/de/rwth_aachen/phyphox/RemoteServer.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/src/main/java/de/rwth_aachen/phyphox/RemoteServer.java b/app/src/main/java/de/rwth_aachen/phyphox/RemoteServer.java
index a214a9c9c..9f5ee5e74 100644
--- a/app/src/main/java/de/rwth_aachen/phyphox/RemoteServer.java
+++ b/app/src/main/java/de/rwth_aachen/phyphox/RemoteServer.java
@@ -386,6 +386,11 @@ public synchronized void stop() {
 
     protected int respond(Response response, String contentType, InputStream in, long length) throws IOException {
         try {
+            // CORS: allow any origin to read remote-access responses so standalone
+            // browser pages (and bookmarklets served from other origins) can fetch /get etc.
+            response.getHeaders().add("Access-Control-Allow-Origin", "*");
+            response.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
+            response.getHeaders().add("Access-Control-Allow-Headers", "Content-Type");
             response.sendHeaders(200, length, System.currentTimeMillis(), null, contentType, null);
             response.sendBody(in, -1, null);
         } finally {

From f53263c86ee76b8932b4678216f78af358b0c089 Mon Sep 17 00:00:00 2001
From: m10653 <m10653@users.noreply.github.com>
Date: Thu, 7 May 2026 23:25:29 -0400
Subject: [PATCH 2/2] Allow Cross origin requests

---
 app/src/main/java/de/rwth_aachen/phyphox/RemoteServer.java | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/app/src/main/java/de/rwth_aachen/phyphox/RemoteServer.java b/app/src/main/java/de/rwth_aachen/phyphox/RemoteServer.java
index 9f5ee5e74..0fd3fda6a 100644
--- a/app/src/main/java/de/rwth_aachen/phyphox/RemoteServer.java
+++ b/app/src/main/java/de/rwth_aachen/phyphox/RemoteServer.java
@@ -386,11 +386,8 @@ public synchronized void stop() {
 
     protected int respond(Response response, String contentType, InputStream in, long length) throws IOException {
         try {
-            // CORS: allow any origin to read remote-access responses so standalone
-            // browser pages (and bookmarklets served from other origins) can fetch /get etc.
+            // CORS: allow cross-origin browser pages to read remote-access responses.
             response.getHeaders().add("Access-Control-Allow-Origin", "*");
-            response.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-            response.getHeaders().add("Access-Control-Allow-Headers", "Content-Type");
             response.sendHeaders(200, length, System.currentTimeMillis(), null, contentType, null);
             response.sendBody(in, -1, null);
         } finally {