jasonm/gist:3190997

## gistfile1.diff
diff --git a/chrome/content/zotero/xpcom/server.js b/chrome/content/zotero/xpcom/server.js
index d81b358..2165819 100755
--- a/chrome/content/zotero/xpcom/server.js
+++ b/chrome/content/zotero/xpcom/server.js
@@ -306,11 +306,11 @@ Zotero.Server.DataListener.prototype._generateResponse = function(status, conten
 	if(!Zotero.isServer) {
 		response += "X-Zotero-Version: "+Zotero.version+"\r\n";
 		response += "X-Zotero-Connector-API-Version: "+CONNECTOR_API_VERSION+"\r\n";
-		if(this.origin === "https://www.zotero.org" || this.origin === "http://www.zotero.org") {
+		// if(this.origin === "https://www.zotero.org" || this.origin === "http://www.zotero.org") {
 			response += "Access-Control-Allow-Origin: "+this.origin+"\r\n";
 			response += "Access-Control-Allow-Methods: POST, GET, OPTIONS\r\n";
 			response += "Access-Control-Allow-Headers: Content-Type,X-Zotero-Connector-API-Version,X-Zotero-Version\r\n";
-		}
+		// }
 	}

 	if(contentType) {
@@ -340,16 +340,16 @@ Zotero.Server.DataListener.prototype._processEndpoint = function(method, postDat
 		}

 		// Check that endpoint supports bookmarklet
-		if(this.origin) {
-			var isBookmarklet = this.origin === "https://www.zotero.org" || this.origin === "http://www.zotero.org";
-			// Disallow bookmarklet origins to access endpoints without permitBookmarklet
-			// set. We allow other origins to access these endpoints because they have to
-			// be privileged to avoid being blocked by our headers.
-			if(isBookmarklet && !endpoint.permitBookmarklet) {
-				this._requestFinished(this._generateResponse(403, "text/plain", "Access forbidden to bookmarklet\n"));
-				return;
-			}
-		}
+		// if(this.origin) {
+		// 	var isBookmarklet = this.origin === "https://www.zotero.org" || this.origin === "http://www.zotero.org";
+		// 	// Disallow bookmarklet origins to access endpoints without permitBookmarklet
+		// 	// set. We allow other origins to access these endpoints because they have to
+		// 	// be privileged to avoid being blocked by our headers.
+		// 	if(isBookmarklet && !endpoint.permitBookmarklet) {
+		// 		this._requestFinished(this._generateResponse(403, "text/plain", "Access forbidden to bookmarklet\\n"));
+		// 		return;
+		// 	}
+		// }

 		var decodedData = null;
 		if(postData && this.contentType) {
@@ -442,4 +442,4 @@ Zotero.Server.DataListener.prototype._requestFinished = function(response) {
  *
  * See connector/server_connector.js for examples
  */
-Zotero.Server.Endpoints = {}
\ No newline at end of file
+Zotero.Server.Endpoints = {}
	diff --git a/chrome/content/zotero/xpcom/server.js b/chrome/content/zotero/xpcom/server.js
	index d81b358..2165819 100755
	--- a/chrome/content/zotero/xpcom/server.js
	+++ b/chrome/content/zotero/xpcom/server.js
	@@ -306,11 +306,11 @@ Zotero.Server.DataListener.prototype._generateResponse = function(status, conten
	if(!Zotero.isServer) {
	response += "X-Zotero-Version: "+Zotero.version+"\r\n";
	response += "X-Zotero-Connector-API-Version: "+CONNECTOR_API_VERSION+"\r\n";
	- if(this.origin === "https://www.zotero.org" \|\| this.origin === "http://www.zotero.org") {
	+ // if(this.origin === "https://www.zotero.org" \|\| this.origin === "http://www.zotero.org") {
	response += "Access-Control-Allow-Origin: "+this.origin+"\r\n";
	response += "Access-Control-Allow-Methods: POST, GET, OPTIONS\r\n";
	response += "Access-Control-Allow-Headers: Content-Type,X-Zotero-Connector-API-Version,X-Zotero-Version\r\n";
	- }
	+ // }
	}

	if(contentType) {
	@@ -340,16 +340,16 @@ Zotero.Server.DataListener.prototype._processEndpoint = function(method, postDat
	}

	// Check that endpoint supports bookmarklet
	- if(this.origin) {
	- var isBookmarklet = this.origin === "https://www.zotero.org" \|\| this.origin === "http://www.zotero.org";
	- // Disallow bookmarklet origins to access endpoints without permitBookmarklet
	- // set. We allow other origins to access these endpoints because they have to
	- // be privileged to avoid being blocked by our headers.
	- if(isBookmarklet && !endpoint.permitBookmarklet) {
	- this._requestFinished(this._generateResponse(403, "text/plain", "Access forbidden to bookmarklet\n"));
	- return;
	- }
	- }
	+ // if(this.origin) {
	+ // var isBookmarklet = this.origin === "https://www.zotero.org" \|\| this.origin === "http://www.zotero.org";
	+ // // Disallow bookmarklet origins to access endpoints without permitBookmarklet
	+ // // set. We allow other origins to access these endpoints because they have to
	+ // // be privileged to avoid being blocked by our headers.
	+ // if(isBookmarklet && !endpoint.permitBookmarklet) {
	+ // this._requestFinished(this._generateResponse(403, "text/plain", "Access forbidden to bookmarklet\\n"));
	+ // return;
	+ // }
	+ // }

	var decodedData = null;
	if(postData && this.contentType) {
	@@ -442,4 +442,4 @@ Zotero.Server.DataListener.prototype._requestFinished = function(response) {
	*
	* See connector/server_connector.js for examples
	*/
	-Zotero.Server.Endpoints = {}
	\ No newline at end of file
	+Zotero.Server.Endpoints = {}