Patch to not use * for CORS auth header

2024-11-21 10:51:40 +00:00 · 2024-02-14 19:30:21 +00:00 · 2024-02-14 19:30:21 +00:00 · 333394cf89
commit 333394cf89
parent f8dde8eebe
1 changed files with 3 additions and 2 deletions
--- a/target/route.go
+++ b/target/route.go
@ -20,7 +20,8 @@ import (

 // serveApiCors outputs the cors headers to make APIs work.
 var serveApiCors = cors.New(cors.Options{
-	AllowedOrigins: []string{"*"}, // allow all origins for api requests
+	// allow all origins for api requests
+	AllowOriginFunc: func(origin string) bool { return true },
 	AllowedHeaders:  []string{"Content-Type", "Authorization"},
 	AllowedMethods: []string{
 		http.MethodGet,