From 5933dece3b8bc39f432e0e6e07555519366b892d Mon Sep 17 00:00:00 2001
From: Josh Eilers <josh.eilers@evernow.com>
Date: Fri, 29 Apr 2022 15:16:07 -0700
Subject: [PATCH] fix empty response body when allowedOrigins is set

---
 internal/core/middleware/middleware.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/internal/core/middleware/middleware.go b/internal/core/middleware/middleware.go
index d0483b7d..723e8170 100644
--- a/internal/core/middleware/middleware.go
+++ b/internal/core/middleware/middleware.go
@@ -129,14 +129,15 @@ func CORS(next http.Handler) http.Handler {
 			headers = corsContext.AllowedHeaders()
 		}
 		if len(domains) > 0 {
+			domain := domains[0]
 			for _, d := range domains {
 				if r.Header.Get("Origin") == d {
-					browser.SetCORSHeaders(w, d, headers)
-					return
+					domain = d
+					break
 				}
 			}
 			// Not a valid origin, set allowed origin to any allowed origin
-			browser.SetCORSHeaders(w, domains[0], headers)
+			browser.SetCORSHeaders(w, domain, headers)
 		} else {
 			origin := browser.DefaultAllowedOrigin
 			if r.Header.Get("Origin") != "" {