Merge pull request #671 from CartoDB/cors-wildcards

CORS, use wildcard

lib/api/middlewares/cors.js

@@ -1,28 +1,10 @@
 'use strict';
 
-module.exports = function cors (extraHeaders = []) {
+module.exports = function cors () {
     return function (req, res, next) {
-        const headers = [
-            'X-Requested-With',
-            'X-Prototype-Version',
-            'X-CSRF-Token',
-            'Authorization',
-            'Carto-Event',
-            'Carto-Event-Source',
-            'Carto-Event-Group-Id',
-            ...extraHeaders
-        ];
-
-        const exposedHeaders = [
-            'Carto-Rate-Limit-Limit',
-            'Carto-Rate-Limit-Remaining',
-            'Carto-Rate-Limit-Reset',
-            'Retry-After'
-        ];
-
         res.header('Access-Control-Allow-Origin', '*');
-        res.header('Access-Control-Allow-Headers', headers.join(', '));
+        res.header('Access-Control-Allow-Headers', '*');
-        res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));
+        res.header('Access-Control-Expose-Headers', '*');
 
         if (req.method === 'OPTIONS') {
             return res.send();