From ade08918e20c0744b03c4a74e8d96517af4d7211 Mon Sep 17 00:00:00 2001
From: Jeff Carr
Date: Sat, 25 May 2019 18:04:50 -0700
Subject: [PATCH] TODO note to never allow CORS

Signed-off-by: Jeff Carr
---
 signup.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/signup.go b/signup.go
index 135fb61..85e743e 100644
--- a/signup.go
+++ b/signup.go
@@ -46,6 +46,16 @@ func writeToFile(filename string, a string) {
 }
 
 func handler2(w http.ResponseWriter, r *http.Request) {
+ // NOTE:
+ // NOTE: If you are having to enable 'CORS' then
+ // NOTE: something is really wrong with the design
+ // NOTE: and general architecture. Never allow this.
+ // NOTE: fix your design the right way.
+ // NOTE:
+ //
+ // TODO: remove all ability to accept any CORS
+ // on any WIT backend and infrastructre anything
+ //
 w.Header().Set("Access-Control-Allow-Origin", "*")
 w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
 w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
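Review bot: The added comment tells readers never to enable CORS, but the three unchanged `w.Header().Set("Access-Control-…")` calls directly below it in handler2 still answer every origin with `Access-Control-Allow-Origin: *` and list `Authorization` and `X-CSRF-Token` as allowed request headers, so the handler behaves exactly as it did before this commit. If no browser client on another origin depends on these headers, deleting the three calls in this same change would make the code match the comment. If one does, an exact-match allowlist is the narrower form, e.g. `if o := r.Header.Get("Origin"); o == trustedOrigin { w.Header().Set("Access-Control-Allow-Origin", o); w.Header().Add("Vary", "Origin") }`, where `trustedOrigin` is a new configured value and not something already in the file. handler2's body continues past the hunk, so how it treats `OPTIONS` preflights and whether it checks any credential before acting is not visible here.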