Remove Request Headers CORS Preflight Requirement

2019-11-28 08:24:06 -06:00 · 2019-11-28 08:24:06 -06:00 · a87c104172
commit a87c104172
parent b2c59be8de
2 changed files with 21 additions and 4 deletions
--- a/pkg/middlewares/headers/headers.go
+++ b/pkg/middlewares/headers/headers.go
@ -221,13 +221,11 @@ func (s *Header) processCorsHeaders(rw http.ResponseWriter, req *http.Request) b
 	}

 	reqAcMethod := req.Header.Get("Access-Control-Request-Method")
-	reqAcHeaders := req.Header.Get("Access-Control-Request-Headers")
 	originHeader := req.Header.Get("Origin")

-	if reqAcMethod != "" && reqAcHeaders != "" && originHeader != "" && req.Method == http.MethodOptions {
+	if reqAcMethod != "" && originHeader != "" && req.Method == http.MethodOptions {
 		// If the request is an OPTIONS request with an Access-Control-Request-Method header,
-		// and Access-Control-Request-Headers headers, and Origin headers,
-		// then it is a CORS preflight request,
+		// and Origin headers, then it is a CORS preflight request,
 		// and we need to build a custom response: https://www.w3.org/TR/cors/#preflight-request
 		if s.headers.AccessControlAllowCredentials {
 			rw.Header().Set("Access-Control-Allow-Credentials", "true")