From 333394cf89d59a782c782dae190d1ff82b31e7ae Mon Sep 17 00:00:00 2001
From: MrMelon54 <github@mrmelon54.com>
Date: Wed, 14 Feb 2024 19:30:21 +0000
Subject: [PATCH] Patch to not use * for CORS auth header

---
 target/route.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/target/route.go b/target/route.go
index f0810f2..cfc6a88 100644
--- a/target/route.go
+++ b/target/route.go
@@ -20,8 +20,9 @@ import (
 
 // serveApiCors outputs the cors headers to make APIs work.
 var serveApiCors = cors.New(cors.Options{
-	AllowedOrigins: []string{"*"}, // allow all origins for api requests
-	AllowedHeaders: []string{"Content-Type", "Authorization"},
+	// allow all origins for api requests
+	AllowOriginFunc: func(origin string) bool { return true },
+	AllowedHeaders:  []string{"Content-Type", "Authorization"},
 	AllowedMethods: []string{
 		http.MethodGet,
 		http.MethodHead,