From d3811907d54072d2c998e38c4190eb57754712fc Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Sat, 22 Jun 2019 15:07:26 +0100
Subject: [PATCH] Allow all headers in CORS requests

Temporary workaround if we do not want to maintain a whitelist.
---
 server/http.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/http.go b/server/http.go
index aef4642..0a7646e 100644
--- a/server/http.go
+++ b/server/http.go
@@ -445,6 +445,7 @@ func (h *Server) Handler() http.Handler {
 	// Add CORS headers on the main SSO API endpoint.
 	c := cors.New(cors.Options{
 		AllowedOrigins:   h.allowedOrigins,
+		AllowedHeaders:   []string{"*"},
 		AllowCredentials: true,
 		MaxAge:           86400,
 	})
-- 
GitLab