Patch to not use * for CORS auth header

This commit is contained in:
Melon 2024-02-14 19:30:21 +00:00
parent f8dde8eebe
commit 333394cf89
Signed by: melon
GPG Key ID: 6C9D970C50D26A25

View File

@ -20,7 +20,8 @@ import (
// serveApiCors outputs the cors headers to make APIs work. // serveApiCors outputs the cors headers to make APIs work.
var serveApiCors = cors.New(cors.Options{ var serveApiCors = cors.New(cors.Options{
AllowedOrigins: []string{"*"}, // allow all origins for api requests // allow all origins for api requests
AllowOriginFunc: func(origin string) bool { return true },
AllowedHeaders: []string{"Content-Type", "Authorization"}, AllowedHeaders: []string{"Content-Type", "Authorization"},
AllowedMethods: []string{ AllowedMethods: []string{
http.MethodGet, http.MethodGet,