TODO note to never allow CORS
Signed-off-by: Jeff Carr <jcarr@wit.com>
This commit is contained in:
parent
ba1667eacf
commit
ade08918e2
10
signup.go
10
signup.go
|
|
@ -46,6 +46,16 @@ func writeToFile(filename string, a string) {
|
|||
}
|
||||
|
||||
func handler2(w http.ResponseWriter, r *http.Request) {
|
||||
// NOTE:
|
||||
// NOTE: If you are having to enable 'CORS' then
|
||||
// NOTE: something is really wrong with the design
|
||||
// NOTE: and general architecture. Never allow this.
|
||||
// NOTE: fix your design the right way.
|
||||
// NOTE:
|
||||
//
|
||||
// TODO: remove all ability to accept any CORS
|
||||
// on any WIT backend and infrastructre anything
|
||||
//
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*")
|
||||
w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
|
||||
w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
|
||||
|
|
|
|||
Loading…
Reference in New Issue