CORS: use wildcard for Access-Control-Expose-Headers and Access-Control-Allow-Headers

2020-11-05 16:50:31 +01:00 · 2020-11-05 16:50:31 +01:00 · b9834cf453
commit b9834cf453
parent 8a630186c8
1 changed files with 3 additions and 21 deletions
--- a/lib/api/middlewares/cors.js
+++ b/lib/api/middlewares/cors.js
@ -1,28 +1,10 @@
 'use strict';

-module.exports = function cors (extraHeaders = []) {
+module.exports = function cors () {
    return function (req, res, next) {
-        const headers = [
-            'X-Requested-With',
-            'X-Prototype-Version',
-            'X-CSRF-Token',
-            'Authorization',
-            'Carto-Event',
-            'Carto-Event-Source',
-            'Carto-Event-Group-Id',
-            ...extraHeaders
-        ];
-
-        const exposedHeaders = [
-            'Carto-Rate-Limit-Limit',
-            'Carto-Rate-Limit-Remaining',
-            'Carto-Rate-Limit-Reset',
-            'Retry-After'
-        ];
-
        res.header('Access-Control-Allow-Origin', '*');
-        res.header('Access-Control-Allow-Headers', headers.join(', '));
-        res.header('Access-Control-Expose-Headers', exposedHeaders.join(', '));
+        res.header('Access-Control-Allow-Headers', '*');
+        res.header('Access-Control-Expose-Headers', '*');

        if (req.method === 'OPTIONS') {
            return res.send();